This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 4a5953640fd [fix][sec] Upgrade Debezium oracle connector version to
avoid CVE-2023-4586 (#22641)
4a5953640fd is described below
commit 4a5953640fd93f8ecac39c7713851ac4c1ab902b
Author: Nikhil Erigila <[email protected]>
AuthorDate: Sat May 4 02:00:28 2024 +0530
[fix][sec] Upgrade Debezium oracle connector version to avoid CVE-2023-4586
(#22641)
---
pom.xml | 1 +
pulsar-io/debezium/oracle/pom.xml | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 048bc952466..4bfdc54e55d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -198,6 +198,7 @@ flexible messaging model and an intuitive client
API.</description>
<opensearch.version>1.2.4</opensearch.version>
<elasticsearch-java.version>8.5.2</elasticsearch-java.version>
<debezium.version>1.9.7.Final</debezium.version>
+ <debezium.oracle.version>2.2.0.Final</debezium.oracle.version>
<debezium.postgresql.version>42.5.0</debezium.postgresql.version>
<debezium.mysql.version>8.0.30</debezium.mysql.version>
<!-- Override version that brings CVE-2022-3143 with debezium -->
diff --git a/pulsar-io/debezium/oracle/pom.xml
b/pulsar-io/debezium/oracle/pom.xml
index c69640ecff7..b22a5785dfb 100644
--- a/pulsar-io/debezium/oracle/pom.xml
+++ b/pulsar-io/debezium/oracle/pom.xml
@@ -48,7 +48,8 @@
<dependency>
<groupId>io.debezium</groupId>
<artifactId>debezium-connector-oracle</artifactId>
- <version>${debezium.version}</version>
+ <version>${debezium.oracle.version}</version>
+ <scope>runtime</scope>
</dependency>
</dependencies>
