aonamrata commented on issue #1612: URL: https://github.com/apache/camel-kafka-connector/issues/1612#issuecomment-2360040184
I got it working with 4.4.3 ``` FROM confluentinc/cp-kafka-connect:7.7.1 ENV DYNAMODB_CONNECTOR_VERSION='4.4.3' ENV CAMEL_REPOSITORY_BASE_URL="https://repo1.maven.org/maven2/org/apache/camel/kafkaconnector"; RUN mkdir /usr/share/camel && \ wget -O /usr/share/camel/camel-aws-ddb-sink-kafka-connector-${DYNAMODB_CONNECTOR_VERSION}-package.tar.gz ${CAMEL_REPOSITORY_BASE_URL}/camel-aws-ddb-sink-kafka-connector/${DYNAMODB_CONNECTOR_VERSION}/camel-aws-ddb-sink-kafka-connector-${DYNAMODB_CONNECTOR_VERSION}-package.tar.gz && \ tar -C /usr/share/camel -zxvf /usr/share/camel/camel-aws-ddb-sink-kafka-connector-${DYNAMODB_CONNECTOR_VERSION}-package.tar.gz ``` There are no changes to the actual connector configs or working so it was just version bump once the confluent guys released a new version with Java 17. FYI with this new image there are still 1 high priority vulnerabilities ``` [2024-09-19T05:53:14.828Z] ###### FAILED FINDINGS ###### [2024-09-19T05:53:14.828Z] { [2024-09-19T05:53:14.828Z] "severity": "high", [2024-09-19T05:53:14.828Z] "priority_intelligence": "unverified", [2024-09-19T05:53:14.828Z] "related": [ [2024-09-19T05:53:14.828Z] "GHSA-4g9r-vxhx-9pgx" [2024-09-19T05:53:14.828Z] ], [2024-09-19T05:53:14.828Z] "references": [ [2024-09-19T05:53:14.828Z] "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf";, [2024-09-19T05:53:14.828Z] "https://alas.aws.amazon.com/AL2023/ALAS-2024-561.html";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:4057";, [2024-09-19T05:53:14.828Z] "https://www.cve.org/CVERecord?id=CVE-2024-25710";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:1924";, [2024-09-19T05:53:14.828Z] "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064413";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:1509";, [2024-09-19T05:53:14.828Z] "https://alas.aws.amazon.com/AL2023/ALAS-2024-560.html";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:1706";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:1662";, [2024-09-19T05:53:14.828Z] "https://alas.aws.amazon.com/AL2/ALAS-2024-2493.html";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:3527";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:3989";, [2024-09-19T05:53:14.828Z] "https://nvd.nist.gov/vuln/detail/CVE-2024-25710";, [2024-09-19T05:53:14.828Z] "https://access.redhat.com/errata/RHSA-2024:2833"; [2024-09-19T05:53:14.828Z] ], [2024-09-19T05:53:14.828Z] "created": "2024-02-19T09:15:37Z", [2024-09-19T05:53:14.828Z] "description": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.\n\nUsers are recommended to upgrade to version 1.26.0 which fixes the issue.", [2024-09-19T05:53:14.828Z] "affects": [ [2024-09-19T05:53:14.828Z] { [2024-09-19T05:53:14.828Z] "path": "/usr/share/camel/camel-aws-ddb-sink-kafka-connector/commons-compress-1.22.jar/META-INF/maven/org.apache.commons/commons-compress/pom.properties", [2024-09-19T05:53:14.828Z] "fixed_version": "1.26.0", [2024-09-19T05:53:14.828Z] "installed_version": "pkg:maven/org.apache.commons/[email protected]" [2024-09-19T05:53:14.828Z] } [2024-09-19T05:53:14.828Z] ], [2024-09-19T05:53:14.828Z] "id": "CVE-2024-25710", [2024-09-19T05:53:14.828Z] "source": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710";, [2024-09-19T05:53:14.828Z] "priority": "standard", [2024-09-19T05:53:14.828Z] "updated": "2024-03-07T17:15:12Z", [2024-09-19T05:53:14.828Z] } ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
