From cbe9c2b31fcf3aa0fe0c58960f9843cab8b5d42f Mon Sep 17 00:00:00 2001
From: Andrey Yegorov <8622884+dlg99@users.noreply.github.com>
Date: Fri, 28 Jan 2022 07:38:39 -0800
Subject: [PATCH] Upgraded debezium to 1.7.2 (+ fixed CVE-2021-20328, +
suppressed OWASP misdetections) (#13928)
Upgraded debezium mostly to pick up perf fix https://issues.redhat.com/browse/DBZ-4309
CVE-2021-20328 from mongo lib fixed by forcing newer version.
---
pom.xml | 2 +-
pulsar-io/debezium/mongodb/pom.xml | 7 ++
src/owasp-dependency-check-suppressions.xml | 94 ++++++++++++++++++++-
3 files changed, 101 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0b61422c06c8d..86bc285f7b1d3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@ flexible messaging model and an intuitive client API.
332
2.13
2.13.6
- 1.7.1.Final
+ 1.7.2.Final
0.11.1
0.18.0
2.4.9
diff --git a/pulsar-io/debezium/mongodb/pom.xml b/pulsar-io/debezium/mongodb/pom.xml
index 75ef9ca34cb13..eda0a1a6d6dcd 100644
--- a/pulsar-io/debezium/mongodb/pom.xml
+++ b/pulsar-io/debezium/mongodb/pom.xml
@@ -38,6 +38,13 @@
${project.version}
+
+
+ org.mongodb
+ mongodb-driver-sync
+ 4.2.2
+
+
io.debezium
debezium-connector-mongodb
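Review bot: The `4.2.2` pin on `org.mongodb:mongodb-driver-sync` is a hard-coded security override, and nothing visible at the declaration ties it to CVE-2021-20328. The element markup and any comment are not shown in this view, so this may already be covered. If it is not, a short comment such as `<!-- forced to pick up the CVE-2021-20328 fix; remove once debezium ships a fixed driver -->` would stop a later cleanup from dropping the pin. The pin names only the sync artifact, so confirm with `mvn dependency:tree` that the companion artifacts (`mongodb-driver-core`, `bson`) resolve to the same version rather than the one debezium brings in. The enclosing dependency list starts and ends outside the hunk.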
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index 5a596e3d3ecb0..89cc001c1dd06 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -290,7 +290,7 @@
3f8f54bbcb73608ac8b66f186a824b75065eb413
CVE-2017-8761
-
+
cpe:/a:apache:solr
+
+
+
+ a501bd758344d60fd400f5ce58694d52b2dbc6d8
+ CVE-2010-1626
+ CVE-2009-4028
+ CVE-2007-1420
+ CVE-2007-5925
+ CVE-2007-2691
+ CVE-2009-0819
+ CVE-2010-1621
+ CVE-2010-3677
+ CVE-2010-3682
+ CVE-2012-5627
+ CVE-2015-2575
+ CVE-2017-15945
+
+
+
+ 45b3fdd0b953d744a8570f74eb5e1016f8ed5ca9
+ CVE-2007-1420
+ CVE-2007-2691
+ CVE-2007-5925
+ CVE-2009-0819
+ CVE-2009-4028
+ CVE-2010-1621
+ CVE-2010-1626
+ CVE-2010-3677
+ CVE-2010-3682
+ CVE-2012-5627
+ CVE-2015-2575
+ CVE-2017-15945
+
+
+
+ 69c1edfa7d89531af511fcd07e8516fa450f746a
+ CVE-2007-2138
+ CVE-2010-0733
+ CVE-2014-0060
+ CVE-2014-0061
+ CVE-2014-0062
+ CVE-2014-0063
+ CVE-2014-0064
+ CVE-2014-0065
+ CVE-2014-0066
+ CVE-2014-0067
+ CVE-2014-8161
+ CVE-2015-0241
+ CVE-2015-0242
+ CVE-2015-0243
+ CVE-2015-0244
+ CVE-2015-3165
+ CVE-2015-3166
+ CVE-2015-3167
+ CVE-2015-5288
+ CVE-2015-5289
+ CVE-2016-0766
+ CVE-2016-0768
+ CVE-2016-0773
+ CVE-2016-5423
+ CVE-2016-5424
+ CVE-2016-7048
+ CVE-2017-14798
+ CVE-2017-7484
+ CVE-2018-1115
+ CVE-2019-10127
+ CVE-2019-10128
+ CVE-2019-10210
+ CVE-2019-10211
+ CVE-2020-25694
+ CVE-2020-25695
+ CVE-2021-3393
+
+
+
+ 29b45ebea1e4ce62ab3ec5eb76fa9771f98941b0
+ CVE-2016-0750
+ CVE-2017-15089
+ CVE-2017-2638
+ CVE-2019-10158
+ CVE-2019-10174
+ CVE-2020-25711
+
+
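Review bot: The four added suppression entries (SHA-1 `a501bd75…`, `45b3fdd0…`, `69c1edfa…`, `29b45ebe…`) silence long lists of CVE ids, including ones as recent as CVE-2020-25694/25695 and CVE-2021-3393, with no per-entry rationale visible in this view. Each entry's notes should name the jar the hash belongs to and say why the match is a false positive, for example `false positive: CPE matches the database server, not the connector jar` (inferred from the commit title, so confirm per entry). Keying on the SHA-1 is the right scope, since the suppression lapses on the next version bump, but the same judgement then has to be repeated, and a recorded reason is what makes that re-check quick. The first two entries carry the same twelve ids in a different order; sorting both the same way would make future diffs easier to compare.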