Comments (5)
Hi @janjwerner-confluent
Maven Central repository link:
https://mvnrepository.com/artifact/com.kjetland/mbknor-jackson-jsonschema_2.13/1.0.39
++ copied list of vulnerabilities from dependency:
CVE-2023-6378
CVE-2022-42004
CVE-2022-42003
CVE-2022-36944
CVE-2021-46877
CVE-2020-36518
CVE-2020-25649
Override of the scala library has passed all the tests we have for schema registry.
I will try this action and let you know if it helped in our case.
from schema-registry.
@maciejadamski0
Can you try to override the version of scala-library that is brought into your project using the dependency management?
If you look at the current 7.5.x dependency tree, you should notice an updated version of the kafka and scala jars.
[INFO] --- dependency:3.3.0:tree (default-cli) @ kafka-json-schema-serializer ---
[INFO] io.confluent:kafka-json-schema-serializer:jar:7.5.4-0
[INFO] +- org.apache.kafka:kafka_2.13:jar:7.5.4-10-ccs:provided
[INFO] |  +- org.apache.kafka:kafka-clients:jar:7.5.4-10-ccs:compile
[INFO] |  |  +- com.github.luben:zstd-jni:jar:1.5.5-1:runtime
[INFO] |  |  +- org.lz4:lz4-java:jar:1.8.0:runtime
[INFO] |  |  \- org.xerial.snappy:snappy-java:jar:1.1.10.5:runtime
[INFO] |  +- org.scala-lang:scala-library:jar:2.13.10:compile
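A dependencyManagement override of the kind suggested in this reply, as an added example that is not part of the thread or of the schema-registry project. The project coordinates are placeholders, the Confluent repository URL is assumed, and 2.13.10 is taken from the 7.5.x tree above rather than being a recommendation; substitute the scala-library version you have vetted.

```xml
<!-- Added example, not from the thread or the schema-registry project. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <!-- Placeholder coordinates for the consuming project. -->
  <groupId>com.example</groupId>
  <artifactId>schema-registry-consumer</artifactId>
  <version>1.0.0-SNAPSHOT</version>

  <properties>
    <!-- One property so every resolution of scala-library uses the same value.
         2.13.10 is the version shown in the 7.5.x tree in the thread; assumed. -->
    <scala.version>2.13.10</scala.version>
  </properties>

  <repositories>
    <!-- io.confluent artifacts are not on Maven Central (URL assumed). -->
    <repository>
      <id>confluent</id>
      <url>https://packages.confluent.io/maven/</url>
    </repository>
  </repositories>

  <dependencyManagement>
    <dependencies>
      <!-- A managed version takes precedence over the transitive version that
           kafka_2.13 / mbknor-jackson-jsonschema_2.13 would otherwise pull in. -->
      <dependency>
        <groupId>org.scala-lang</groupId>
        <artifactId>scala-library</artifactId>
        <version>${scala.version}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>io.confluent</groupId>
      <artifactId>kafka-json-schema-serializer</artifactId>
      <version>7.5.4-0</version>
    </dependency>
  </dependencies>
</project>
```

After the override, `mvn dependency:tree -Dincludes=org.scala-lang` shows which scala-library version actually resolves, which is the check worth keeping in CI so the pin is not silently lost on the next upgrade.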
@janjwerner-confluent
Sorry, I'm not a Scala expert, but my understanding is that this language works on the principle that if we have this library
https://mvnrepository.com/artifact/com.kjetland/mbknor-jackson-jsonschema_2.13/1.0.39
the library indicates which version of Scala it was written for (the information is in the table under "Scala Target"). It may happen that the library stops working or behaving correctly.
The mbknor-jsonschema library itself contains many vulnerabilities and will probably become quite dangerous to use soon. Do you have a plan to change this library in upcoming releases?
@maciejadamski0
I'm not aware of the current plans to replace the library. Override of the scala library has passed all the tests we have for schema registry.
You mentioned "The mbknor-jsonschema library itself contains many vulnerabilities" - can you point me to those vulnerabilities?
@maciejadamski0
Were you able to resolve the issue?