[fix][sec] Do Not Merge: Upgrade Debezium oracle connector version to avoid CVE-2023-4586 #8

Closed
wants to merge 3 commits into from

nikhilerigila09
Collaborator

Fixes apache#22626

Motivation

Avoid CVE-2023-4586

Modifications

Upgrade debezium-oracle-connector version to 2.2.0.Final, which avoids org.infinispan:infinispan-client-hotrod@14.0.4.Final (which has the vulnerability) and uses org.infinispan:infinispan-client-hotrod-jakarta@14.0.4.Final instead, which has no vulnerabilities.

Verifying this change

  • Make sure that the change passes the CI checks.

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • Dependencies (add or upgrade a dependency)
  • The public API
  • The schema
  • The default values of configurations
  • The threading model
  • The binary protocol
  • The REST endpoints
  • The admin CLI options
  • The metrics
  • Anything that affects deployment

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@nikhilerigila09 nikhilerigila09 deleted the oracle-upgrade branch June 5, 2024 04:11
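
A dependency-tree check for the upgrade this pull request describes, as an added example that is not part of the pull request or the project's code: it parses `mvn dependency:tree` text and reports the path to `org.infinispan:infinispan-client-hotrod` 14.0.4.Final, matching the full coordinate exactly so the `-jakarta` artifact is not flagged by a substring test. The two trees, the `com.example` root and the `0.0.0-OLD` version are constructed sample input.

```python
import re

# Coordinate the PR description names as vulnerable (taken from the page).
BANNED = {("org.infinispan", "infinispan-client-hotrod", "14.0.4.Final")}
# Optional "[INFO] " prefix, then tree-drawing indent (3 characters per level).
LINE = re.compile(r"^(?:\[INFO\] )?(?P<indent>(?:[|+\\ ][ -] )*)(?P<coord>\S+)")

def parse(line):
    """Return (depth, (groupId, artifactId, version)), or None for other lines."""
    m = LINE.match(line.rstrip())
    if not m:
        return None
    f = m.group("coord").split(":")
    # g:a:type:version[:scope] or g:a:type:classifier:version:scope
    if len(f) not in (4, 5, 6):
        return None             # banner or summary line
    version = f[4] if len(f) == 6 else f[3]
    return len(m.group("indent")) // 3, (f[0], f[1], version)

def find_banned(tree_text, banned=BANNED):
    """Return one path (root -> ... -> banned artifact) per occurrence."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        depth, gav = parsed
        del stack[depth:]       # drop siblings and deeper levels
        stack.append(gav)
        if gav in banned:       # exact coordinate match, never a substring test
            hits.append([":".join(p) for p in stack])
    return hits

# Constructed sample trees (not real build output); root and OLD version are made up.
BEFORE = r"""
[INFO] com.example:connector-build:jar:1.0
[INFO] +- io.debezium:debezium-connector-oracle:jar:0.0.0-OLD:compile
[INFO] |  \- org.infinispan:infinispan-client-hotrod:jar:14.0.4.Final:compile
[INFO] BUILD SUCCESS
"""
AFTER = r"""
[INFO] com.example:connector-build:jar:1.0
[INFO] \- io.debezium:debezium-connector-oracle:jar:2.2.0.Final:compile
[INFO]    \- org.infinispan:infinispan-client-hotrod-jakarta:jar:14.0.4.Final:compile
"""
if __name__ == "__main__":
    for name, tree in (("before", BEFORE), ("after", AFTER)):
        print(name, find_banned(tree) or "clean")
```

In CI, feed it the real output of `mvn dependency:tree` and fail the build when `find_banned` returns any path; the path shows which direct dependency pulls the artifact in.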
Successfully merging this pull request may close these issues.

[Bug] Infinispan Client Hotrod has a vulnerability CVE-2023-4586