-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump mysql-connector-java to 8.0.23 (Fixes #5473) #5474
Bump mysql-connector-java to 8.0.23 (Fixes #5473) #5474
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would like @MiniDigger review here, but looks good to me! As this is not API and even marked as runtime-only, I can't see an issue with just bumping it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the connector is not API and no sane plugin should be interfacing with the connector directly, maybe wanna add a paper comment there just for patch noise but, generally, 👍
rebase 🔪 |
Rebased |
This PR bumps
mysql-connector-java
to8.0.23
due to 1 high and 1 medium level vulnerabilities being found affecting the current version ofmysql-connector-java
that Paper uses (5.1.49
). Those vulnerabilities being Access Control Bypass and Privilege Escalation, respectively.Testing needed with plugins that use
mysql-connector-java
to see if this version bump can break things.