-> v1.8.0-RC3 #1687
-> v1.8.0-RC3 #1687
Conversation
CHANGELOG.md
Outdated
|
|
||
| ## Fixes | ||
|
|
||
| - **Breaking Change:** Updated the message framing format used by the Protobuf serdes to be compatible with the Java Protobuf serdes (message |
There was a problem hiding this comment.
This needs more context, e.g., what type of clients (classes) that this applies to, and a proper mention of Schema-Registry.
There was a problem hiding this comment.
technically, this doesn't necessarily need to have anything to do with Confluent Schema registry. I'm not sure the change log is the place to write a tutorial on how all this works, but i'll add a note anyway.
| - **Breaking Change:** Updated the message framing format used by the Protobuf serdes to be compatible with the Java Protobuf serdes (message | ||
| indices now use zigzag encoding). To disable, set the `UseDeprecatedFormat` configuration property to `true`. ([rayokota](https://github.com/rayokota)). | ||
|
|
||
| ## Security |
There was a problem hiding this comment.
So empty.
Mention the fixed zlib CVEs:
Upgrade bundled zlib version from 1.2.8 to 1.2.11 in the librdkafka.redist NuGet package. The updated zlib version fixes CVEs: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 See https://github.com/edenhill/librdkafka/issues/2934 for more information.
|
Hey, not sure if this is the right place to ask, but could you update the external dependencies in this branch? |
|
thanks for the heads up @wuhkuh - i'll do this. |
|
@wuhkuh - i'm wondering if you understand / can explain what the issue is in more depth and how bumping the dependency version helps. My understanding is that by specifying an exact version as a dependency as we do, what we're actually doing is specifying a minimum version ( https://docs.microsoft.com/en-us/nuget/concepts/package-versioning#version-ranges ). So if a higher version is specified anywhere else in your project, or in a dependency of your project, that should be the version of There is a possibly related problem with the 4.5.0 Note: I don't think bumping would be considered backwards incompatible. It would be a breaking change if some other dependency of a project using I most likely think we should do the bump, I just wanted to defer until 1.8.1 due to the above uncertainty. We want to get 1.8.0 out quickly because of the CVEs. We can do 1.8.1 quickly after. |
|
@mhowlett Sure thing! JsonSchemaValidator.Validate has been augmented with an optional parameter with a default value in this commit. This is fully compatible API-wise, but this is handled at the call site in IL. I compiled two versions of Confluent.SchemaRegistry.Serdes.Json with both current NJsonSchema (as in the .csproj file), and the latest version. Confluent.SchemaRegistry.Serdes.Json + NJsonSchema 10.1.5: IL_0063: callvirt instance class [netstandard]System.Collections.Generic.ICollection`1<class [NJsonSchema]NJsonSchema.Validation.ValidationError>[NJsonSchema]NJsonSchema.Validation.JsonSchemaValidator::Validate(string, class [NJsonSchema]NJsonSchema.JsonSchema)Confluent.SchemaRegistry.Serdes.Json + NJsonSchema 10.5.2: IL_0063: ldc.i4.0
IL_0064: callvirt instance class [netstandard]System.Collections.Generic.ICollection`1<class [NJsonSchema]NJsonSchema.Validation.ValidationError>[NJsonSchema]NJsonSchema.Validation.JsonSchemaValidator::Validate(string, class [NJsonSchema]NJsonSchema.JsonSchema, valuetype [NJsonSchema]NJsonSchema.SchemaType)This means that by depending on a newer version of NJsonSchema, the runtime will throw a |
|
ok, i was aware of this... but now I understand the scenario and how bumping the dependency helps. thanks. |
No description provided.