Critical Vulnerability CVE-2022-26612 #508
Comments
+1 ^^^ My organization also would benefit heavily from a vulnerability patch with this
tojaroslaw added a commit to tojaroslaw/kafka-connect-storage-common that referenced this issue Jul 21, 2022
Update pom.xml to use hadoop version 3.3.3 to remediate security vulnerabilities CVE-2021-37404 CVE-2022-26612 This addresses the issue raised here: confluentinc/kafka-connect-storage-cloud#508
I tried to create a PR to address this: confluentinc/kafka-connect-storage-common#256. I'm hoping someone can take a look at it!
Toby,
Hi confluent team!

I noticed that confluentinc-kafka-connect-s3-10.0.7 recently got flagged by our vulnerability scanner just today with the critical vulnerability, CVE-2022-26612. From a brief glance, I think the culprit is hadoop. Apparently, they fixed this vulnerability in version 3.2.3, but I saw that the lib files still use 2.10.1. Since this is a major version change, I understand any concern about upgrading too hastily, but I was just hoping to get an ETA on when we can get a clean version of confluentinc-kafka-connect-s3. Our organization has a policy of remediating all critical vulnerabilities, so any update would be greatly appreciated.

Thanks, Toby