Commit ef4917c

[security] Upgrade Postgre driver to 42.2.25 to get rid of CVE-2022-21724 (apache#14119)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21724

Upgrade both `jdbc` and `debezium` Postgre java driver dependency to 42.2.25 (from 42.2.24 and 42.2.22).

Note: the version is not shared on purpose because we should leave the driver dependencies separated since the two connectors are used in different ways. (For example, when we'll upgrade Debezium to 1.8.x we'll need to remove the override and keep the 42.3.x version)

For cherry-picks, branch-2.9 and branch-2.8 are compatible since:
* branch-2.9 has the same debezium version
* branch-2.8 has 1.0.0 but it uses [pg driver 42.2.x](https://search.maven.org/artifact/io.debezium/debezium-parent/1.0.0.Final/pom) as well

- [x] `no-need-doc`

(cherry picked from commit 6481845)
1 parent 6281523 commit ef4917c

2 files changed

+9
-1
lines changed

pom.xml

+2-1
@@ -148,7 +148,7 @@ flexible messaging model and an intuitive client API.</description>
148148
<jclouds.version>2.3.0</jclouds.version>
149149
<sqlite-jdbc.version>3.8.11.2</sqlite-jdbc.version>
150150
<mysql-jdbc.version>8.0.11</mysql-jdbc.version>
151-
<postgresql-jdbc.version>42.2.24</postgresql-jdbc.version>
151+
<postgresql-jdbc.version>42.2.25</postgresql-jdbc.version>
152152
<clickhouse-jdbc.version>0.3.2</clickhouse-jdbc.version>
153153
<mariadb-jdbc.version>2.6.0</mariadb-jdbc.version>
154154
<hdfs-offload-version3>3.3.1</hdfs-offload-version3>
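Review bot: the bump at line 151 only reaches modules that resolve the driver through `${postgresql-jdbc.version}`, and this hunk does not show which modules do. Before merging, search the connector poms for any hard-coded `org.postgresql:postgresql` version so that no module keeps shipping 42.2.24 or older.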
@@ -158,6 +158,7 @@ flexible messaging model and an intuitive client API.</description>
158158
<scala.binary.version>2.13</scala.binary.version>
159159
<scala-library.version>2.13.6</scala-library.version>
160160
<debezium.version>1.7.1.Final</debezium.version>
161+
<debezium.postgresql.version>42.2.25</debezium.postgresql.version>
161162
<jsonwebtoken.version>0.11.1</jsonwebtoken.version>
162163
<opencensus.version>0.18.0</opencensus.version>
163164
<hbase.version>2.4.9</hbase.version>
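Review bot: the new `debezium.postgresql.version` property at line 161 has no comment, so a later reader finds two PostgreSQL driver properties with the same value (42.2.25) and no stated reason for the split. Add an XML comment above it saying that it is a deliberate override for CVE-2022-21724, kept separate from `postgresql-jdbc.version`, and that it should be removed when Debezium moves to 1.8.x, as the commit message explains.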

pulsar-io/debezium/postgres/pom.xml

+7
@@ -44,6 +44,13 @@
4444
<version>${debezium.version}</version>
4545
</dependency>
4646

47+
<dependency>
48+
<groupId>org.postgresql</groupId>
49+
<artifactId>postgresql</artifactId>
50+
<version>${debezium.postgresql.version}</version>
51+
<scope>runtime</scope>
52+
</dependency>
53+
4754
</dependencies>
4855

4956
<build>
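Review bot: the dependency added at lines 47-52 sets `<scope>runtime</scope>` on a direct declaration, and in Maven a direct declaration takes precedence over the same artifact arriving transitively, for scope as well as version. Confirm that nothing in this module compiles against `org.postgresql` classes, and check `mvn dependency:tree` for this module to see that 42.2.25 is the driver version that is actually resolved and packaged.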
