Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump elastic search client and kafka dependencies #724

Merged
merged 2 commits into from Nov 9, 2023
Merged

Bump elastic search client and kafka dependencies #724

merged 2 commits into from Nov 9, 2023

Conversation

subhashiyer9
Copy link
Member

@subhashiyer9 subhashiyer9 commented Nov 8, 2023
edited

Problem

Fix CVE-2023-31418 and CVE-2023-43642

Solution

Update elastic search client version and io.confluent:common to fix snappy-java

Does this solution apply anywhere else?
  • yes
  • no
If yes, where?

Test Strategy

Testing done:
  • Unit tests
  • Integration tests
  • System tests
  • Manual tests - Tested on docker playground against few of elastic search server versions - 7.12.0, 7.17.0 and 8.11.0

Release Plan

The fix will be released to CP first and then fixed in cloud.
The patch will be backported to older branches after some additional fixes.

@cla-assistant CLA Assistant
Copy link

cla-assistant bot commented Nov 8, 2023
edited

CLA assistant check
All committers have signed the CLA.

@cla-assistant CLA Assistant
Copy link

cla-assistant bot commented Nov 8, 2023

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@subhashiyer9 subhashiyer9 marked this pull request as ready for review November 8, 2023 17:34
@subhashiyer9 subhashiyer9 requested a review from a team as a code owner November 8, 2023 17:34
sp-gupta
sp-gupta previously approved these changes Nov 9, 2023
View reviewed changes
@subhashiyer9 subhashiyer9 merged commit 9225f8f into 13.0.x Nov 9, 2023
3 checks passed
@subhashiyer9 subhashiyer9 deleted the secops-15593-15594 branch November 9, 2023 06:00
subhashiyer9 pushed a commit that referenced this pull request Nov 9, 2023
@ConfluentJenkins
Bump elastic search client and kafka dependencies(snappy-java) (#724) (
423b1bd 
…#726)

Fix CVE-2023-31418 and CVE-2023-43642

* Bump elastic search client and kafka dependencies
* Clean up duplicate dependency definitions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sp-gupta sp-gupta sp-gupta approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@subhashiyer9 @sp-gupta