From 86edf9308cc2b55dd86ca6e62b67ed20ef9cd6e9 Mon Sep 17 00:00:00 2001
From: Toby Mac <tojaroslaw@users.noreply.github.com>
Date: Thu, 21 Jul 2022 15:25:18 -0400
Subject: [PATCH 1/3] Update pom.xml to use hadoop version 3.3.3

Update pom.xml to use hadoop version 3.3.3 to remediate security vulnerabilities

CVE-2021-37404
CVE-2022-26612

This addresses the issue raised here:
https://github.com/confluentinc/kafka-connect-storage-cloud/issues/508
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 82ab60a8b..2396ddbb2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
         <confluent.log4j.version>1.2.17-cp8</confluent.log4j.version>
         <confluent.maven.repo>http://packages.confluent.io/maven/</confluent.maven.repo>
         <dependency.check.version>6.1.6</dependency.check.version>
-        <hadoop.version>2.10.2</hadoop.version>
+        <hadoop.version>3.3.3</hadoop.version>
         <hive.version>2.3.9</hive.version>
         <httpclient.version>4.5.13</httpclient.version>
         <httpcore.version>4.4.4</httpcore.version>

From ccc2b704f756aaa2fb3a21535e70b3a06fb030d0 Mon Sep 17 00:00:00 2001
From: Toby Mac <tojaroslaw@users.noreply.github.com>
Date: Mon, 25 Jul 2022 14:49:33 -0400
Subject: [PATCH 2/3] 3.2.3 worked better in testing

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2396ddbb2..be2582417 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
         <confluent.log4j.version>1.2.17-cp8</confluent.log4j.version>
         <confluent.maven.repo>http://packages.confluent.io/maven/</confluent.maven.repo>
         <dependency.check.version>6.1.6</dependency.check.version>
-        <hadoop.version>3.3.3</hadoop.version>
+        <hadoop.version>3.2.3</hadoop.version>
         <hive.version>2.3.9</hive.version>
         <httpclient.version>4.5.13</httpclient.version>
         <httpcore.version>4.4.4</httpcore.version>

From 5c17f43d7cd339864dd01a470c7627cda115a260 Mon Sep 17 00:00:00 2001
From: Toby Mac <tojaroslaw@users.noreply.github.com>
Date: Thu, 28 Jul 2022 14:56:03 -0400
Subject: [PATCH 3/3] Hadoop 3.2.3 -> 3.2.4

3.2.4 just got released, my company tested with this latest patch and things still works
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index be2582417..7f8bcafb5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
         <confluent.log4j.version>1.2.17-cp8</confluent.log4j.version>
         <confluent.maven.repo>http://packages.confluent.io/maven/</confluent.maven.repo>
         <dependency.check.version>6.1.6</dependency.check.version>
-        <hadoop.version>3.2.3</hadoop.version>
+        <hadoop.version>3.2.4</hadoop.version>
         <hive.version>2.3.9</hive.version>
         <httpclient.version>4.5.13</httpclient.version>
         <httpcore.version>4.4.4</httpcore.version>