[CC-20333] CVE fix for jackson package #711

Merged
merged 4 commits into from Aug 7, 2023

@sp-gupta (Member) commented Jul 31, 2023

Problem

https://confluentinc.atlassian.net/browse/CC-20333

Solution

Fixed to 2.15.0 version

Does this solution apply anywhere else?
  • yes
  • no
If yes, where?

Test Strategy

Testing done:
  • Unit tests
  • Integration tests
  • System tests
  • Manual tests
    - Docker Playground
Creating Elasticsearch Sink connector (Elasticsearch version is 7.0.0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   634  100   334  100   300   5220   4688 --:--:-- --:--:-- --:--:-- 10745
{
  "name": "elasticsearch-sink",
  "config": {
    "connector.class": "io.confluent.connect.elasticsearch.ElasticsearchSinkConnector",
    "tasks.max": "1",
    "topics": "test-elasticsearch-sink",
    "key.ignore": "true",
    "connection.url": "http://elasticsearch:9200",
    "name": "elasticsearch-sink"
  },
  "tasks": [
    {
      "connector": "elasticsearch-sink",
      "task": 0
    }
  ],
  "type": "sink"
}
Sending messages to topic test-elasticsearch-sink
11:16:31 ℹ️ 🔮 schema was identified as avro
11:16:31 ℹ️ ✨ generating data...
11:16:31 ℹ️ ☢️ --forced-value is set
11:16:31 ℹ️ ✨ 10 records were generated based on --forced-value  (only showing first 10), took: 0min 1sec
{"f1":"value1"}
{"f1":"value2"}
{"f1":"value3"}
{"f1":"value4"}
{"f1":"value5"}
{"f1":"value6"}
{"f1":"value7"}
{"f1":"value8"}
{"f1":"value9"}
{"f1":"value10"}
11:16:35 ℹ️ 💯 Get number of records in topic test-elasticsearch-sink
0
11:16:35 ℹ️ 🛡️ Set compatibility for subject test-elasticsearch-sink-value to NONE
{"compatibility":"NONE"}
11:16:35 ℹ️ 📤 producing 10 records to topic test-elasticsearch-sink
11:16:37 ℹ️ 📤 produced 10 records to topic test-elasticsearch-sink, took: 0min 2sec
11:16:37 ℹ️ 💯 Get number of records in topic test-elasticsearch-sink
10
Check that the data is available in Elasticsearch
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2446  100  2446    0     0  32522      0 --:--:-- --:--:-- --:--:-- 34942
{
  "took" : 54,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 10,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+0",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value1"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+1",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value2"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+2",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value3"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+3",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value4"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+4",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value5"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+5",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value6"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+6",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value7"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+7",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value8"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+8",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value9"
        }
      },
      {
        "_index" : "test-elasticsearch-sink",
        "_type" : "_doc",
        "_id" : "test-elasticsearch-sink+0+9",
        "_score" : 1.0,
        "_source" : {
          "f1" : "value10"
        }
      }
    ]
  }
}
          "f1" : "value1"
          "f1" : "value10"
          "f1" : "value10"
          

Release Plan

@sp-gupta requested a review from a team as a code owner July 31, 2023 13:21
@sp-gupta changed the base branch from master to 11.1.x July 31, 2023 14:06
pom.xml: review thread resolved (outdated)
@sp-gupta force-pushed the CC-20333 branch 4 times, most recently from ee70551 to 29f82b4 August 1, 2023 10:06
@sp-gupta force-pushed the CC-20333 branch 2 times, most recently from 52cc198 to 46d8126 August 1, 2023 10:48
Jenkinsfile: review thread resolved
@sp-gupta changed the title from "[CC-20333] CVE fix for jackson-core" to "[CC-20333] CVE fix for jackson package" Aug 1, 2023
@sp-gupta merged commit 89492e8 into 11.1.x Aug 7, 2023
2 checks passed
@sp-gupta deleted the CC-20333 branch August 7, 2023 04:03