rmoff commented on issue #10745:
URL: https://github.com/apache/iceberg/issues/10745#issuecomment-3074300861

   Here's the build & scan with Trivy against main:
   
   ```
   $ git rev-parse HEAD
   
   061ae58986db3495ff3af6f1932a96dd086e5fbd
   
   $ sdk use java 11.0.26-tem
   
   $ ./gradlew -Prelease \
     :iceberg-kafka-connect:iceberg-kafka-connect-runtime:distZip \
     -x test -x integrationTest
   
   $ unzip kafka-connect/kafka-connect-runtime/build/distributions/iceberg-kafka-connect-runtime-1.10.0-SNAPSHOT.zip -d kafka-connect/kafka-connect-runtime/build/distributions/
   
   $ trivy rootfs --severity HIGH,CRITICAL kafka-connect/kafka-connect-runtime/build/distributions/
   ```
   
   There's just one `HIGH` vuln identified:
   
   ```
   Java (jar)
   
   Total: 1 (HIGH: 1, CRITICAL: 0)
   
   
   ┌─────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────┐
   │               Library               │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                      Title                      │
   ├─────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────┤
   │ commons-beanutils:commons-beanutils │ CVE-2025-48734 │ HIGH     │ fixed  │ 1.9.4             │ 1.11.0        │ commons-beanutils: Apache Commons BeanUtils:    │
   │ (commons-beanutils-1.9.4.jar)       │                │          │        │                   │               │ PropertyUtilsBean does not suppresses an enum's │
   │                                     │                │          │        │                   │               │ declaredClass property...                       │
   │                                     │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-48734      │
   └─────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────┘
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

