davidzollo opened a new pull request, #9837:
URL: https://github.com/apache/seatunnel/pull/9837
Upgrade Apache Kafka (CVE-2023-25194) and PostgreSQL JDBC (CVE-2024-1597) to
fix critical security vulnerabilities
- Apache Kafka was upgraded to mitigate a JNDI injection vulnerability
(CVE-2023-25194). This vulnerability could allow remote code execution when the
Kafka client connects to a vulnerable Kafka instance. The upgrade to version
3.4.0 resolves this issue and strengthens security.
- The PostgreSQL JDBC driver has been upgraded to address SQL injection risks
due to improper handling of 'PreferQueryMode=simple' (CVE-2024-1597). The
upgrade prevents unauthorized SQL execution, improving overall database
security.
- The SQLServer version is to solve an OOM of the TDS protocol