Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert "[fix][sec] Upgrade Debezium oracle connector version to avoid… #22668

Merged
merged 1 commit into from
May 8, 2024

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented May 7, 2024

CVE-2023-4586 (#22641)"

This reverts commit 4a59536.

Motivation

The connector is broken and the integration test doesn't pass. This is the error message in the container logs.

2024-05-07T15:55:08,886+0000 [public/default/test-source-debezium-oracle-PROCESS-qsccgnow-0] ERROR org.apache.pulsar.functions.instance.JavaInstanceRunnable - [public/default/test-source-debezium-oracle-PROCESS-qsccgnow:0] Uncaught exception in Java Instance
java.lang.NoClassDefFoundError: io/debezium/jdbc/MainConnectionProvidingConnectionFactory
	at java.lang.Class.forName0(Native Method) ~[?:?]
	at java.lang.Class.forName(Unknown Source) ~[?:?]
	at java.lang.Class.forName(Unknown Source) ~[?:?]
	at org.apache.pulsar.io.kafka.connect.AbstractKafkaConnectSource.open(AbstractKafkaConnectSource.java:154) ~[?:?]
	at org.apache.pulsar.io.kafka.connect.KafkaConnectSource.open(KafkaConnectSource.java:63) ~[?:?]
	at org.apache.pulsar.io.debezium.DebeziumSource.open(DebeziumSource.java:114) ~[?:?]
	at org.apache.pulsar.functions.instance.JavaInstanceRunnable.setupInput(JavaInstanceRunnable.java:895) ~[org.apache.pulsar-pulsar-functions-instance-3.3.0-SNAPSHOT.jar:3.3.0-SNAPSHOT]
	at org.apache.pulsar.functions.instance.JavaInstanceRunnable.setup(JavaInstanceRunnable.java:263) ~[org.apache.pulsar-pulsar-functions-instance-3.3.0-SNAPSHOT.jar:3.3.0-SNAPSHOT]
	at org.apache.pulsar.functions.instance.JavaInstanceRunnable.run(JavaInstanceRunnable.java:311) ~[org.apache.pulsar-pulsar-functions-instance-3.3.0-SNAPSHOT.jar:3.3.0-SNAPSHOT]
	at java.lang.Thread.run(Unknown Source) [?:?]
Caused by: java.lang.ClassNotFoundException: io.debezium.jdbc.MainConnectionProvidingConnectionFactory
	at java.net.URLClassLoader.findClass(Unknown Source) ~[?:?]
	at java.lang.ClassLoader.loadClass(Unknown Source) ~[?:?]
	at java.lang.ClassLoader.loadClass(Unknown Source) ~[?:?]
	... 10 more

Log location:
image
image
image

Modifications

Revert PR #22641 which most likely broke the connector.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@lhotari lhotari added type/bug The PR fixed a bug or issue reported a bug area/function release/blocker Indicate the PR or issue that should block the release until it gets resolved ready-to-test labels May 7, 2024
@lhotari lhotari added this to the 3.3.0 milestone May 7, 2024
@lhotari lhotari self-assigned this May 7, 2024
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label May 7, 2024
@shoothzj
Copy link
Member

shoothzj commented May 7, 2024

debezium might need to be updated to 2.2.0.final, can we easily update debezium instead of revert this commit?

@lhotari
Copy link
Member Author

lhotari commented May 8, 2024

debezium might need to be updated to 2.2.0.final, can we easily update debezium instead of revert this commit?

@shoothzj a good practice is to revert when there's a regression. A new PR can handle that.

@coderzc coderzc modified the milestones: 3.3.0, 3.4.0 May 8, 2024
@lhotari lhotari requested review from nodece, tisonkun and coderzc May 8, 2024 08:26
@Technoboy- Technoboy- merged commit ca44b9b into apache:master May 8, 2024
47 of 51 checks passed
coderzc pushed a commit that referenced this pull request May 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/function cherry-picked/branch-3.2 cherry-picked/branch-3.3 doc-not-needed Your PR changes do not impact docs ready-to-test release/blocker Indicate the PR or issue that should block the release until it gets resolved release/3.3.0 type/bug The PR fixed a bug or issue reported a bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants