Changelog¶
Version 1.1.26¶
- Resolved the following CVEs: CVE-2023-2976, CVE-2023-26048, CVE-2023-26049, and sonatype-2022-643.
Version 1.1.25¶
- Updated dependencies to address CVEs
Version 1.1.24¶
- Updated
woodstox-core
andjackson-databind
dependency
Version 1.1.23¶
- Updated Apache Ivy version to remove vulnerability
Version 1.1.22¶
- CCMSG-2151: CVE fix for jetty
- CCMSG-2149: CVE fix for netty
- CCMSG-2148: CVE fix for bouncycastle
- CCMSG-2158: CVE fix for hadoop
Version 1.1.21¶
- CCMSG-2170: Updated Derby version
- Removed logging of SinkRecord
Version 1.1.20¶
- Implemented closing file systems in WAL File Reader when an exception is caught
Version 1.1.19¶
- CCMSG-1955: CVE fix - Removed dependency on slf4j-log4j12
Version 1.1.18¶
No changes
Version 1.1.17¶
- CCMSG-2038: Address CVEs in hadoop.
Version 1.1.16¶
No changes
Version 1.1.15¶
- CCMSG-1957: Replace confluent-log4j with reload4j for CVE fix
- CCMSG-1654: Replace hadoop-shaded-protobuf with storage-common to fix Protobuf-Java CVE-2021-22569-1
Version 1.1.14¶
- CCMSG-1687 CVE fix for guava test scoped dependency.
Version 1.1.13¶
- CCMSG-1906 Address CVEs for ant, jsp, groovy, derby, netty and orc.
Version 1.1.12¶
- CCMSG-1797 update to latest storage commons to fix Avro CVE
- CCMSG-1798 added exclusion for ant to fix CVE
Version 1.1.11¶
- Minor: Set fs.automatic.close to false in Hadoop configuration to cleanup temp files
Version 1.1.10¶
- Minor:Upgrade connect-commons-plugins from 0.8.12 to 0.8.13 to use backward compatible licensing jar
- Minor:Upgrade connect-commons-plugins from 0.8.11 to 0.8.12 to remove nano version
- CCMSG-1749 upgraded storage commmons to latest to resolve jackson databind 2.13.2 CVE
- CVE: Upgrade connect-commons-plugins from 0.8.10 to 0.8.11
- CCMSG-1730 updated to latest commons to fix jackson databind CVE-2020-36518
- CCMSG-1653 resolved protobuf CVE by upgrading to latest commons
Version 1.1.9¶
- CCMSG-1614 Update log4j to latest (2.17.1)
- Bump log4j version to v2.17.0
Version 1.1.8¶
- Bump log4j version to 2.16.0
Version 1.1.7¶
- Bump up the dependency for log4j to 2.15.0
Version 1.1.6¶
- CCMSG-1369: Correctly calculate and track kafka consumer group offset
- Bump storage-common version to 10.0.8 and exclude netty-codec
- CCMSG-1419 [CVE] Upgrade netty version to 4.1.68.final
Version 1.1.5¶
- Fix duplicates in hive for parquet and Avro
Version 1.1.4¶
- CCMSG-1234: Pin version of nimbus-jose-jwt to upgrade shaded json-smart to 2.4.7
Version 1.1.3¶
- CCMSG-1329: Prevent leak of fs in io.confluent.connect.hdfs.wal.WALFile
- Upgrade commons compress to 1.21 to resolve CVE
Version 1.1.2¶
- CCMSG-1179: Bump storage-common, netty, jersey and add exclusions to resolve CVES
- CCMSG-1066: Update json-smart to 2.4.7 through parent to resolve CVE
- CC-15014: Bump jetty, hadoop version to resolve CVEs
Version 1.1.1¶
- CCSMSG-852: Swallow exception when applying corrupt WAL
Version 1.1.0¶
- Update kafka-connect-storage-common-htrace-core4-shaded to 10.0.3 to resolve CVE
- CCMSG-435: Upgrade parent pom to 0.6.2, storage-common to 10.0.3 and jackson-databind to 2.10.5.1 to resolve CVE
- CCMSG-609: Upgrade bouncy castle to 1.67 to resolve CVE
- Update Avatica transitive dependency to 1.17.0 and fix CVEs
- SEC-1034: log4j migration to Confluent repackaged version
- CC-8758: Upgrade Netty to 4.1.48.Final and add exclusions to resolve CVE
- Pin BeanUtils to 1.9.4 to resolve CVE
- CC-8713: Exclude Jetty transient dependencies and resolve CVE
- CC-9756: Validate timezone configuration with
rotate.schedule.interval.ms
- CC-8809: Replace assignment with
topicPartitionWriters.keySet
- CC-8119: Fix HDFS 3 version file and add test
- CC-8103: HDFS 3 format options are not showing all available options
- Fix
NullPointerException
that occurs for theconfig store.url
property - CC-6423: Disable FileSystem Object Caching
- CC-5969: Pass extra connector configs to the partitioner