Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade mysql-connector to 8.4.0 #32

Merged
merged 1 commit into from
Jun 19, 2024
Merged

Upgrade mysql-connector to 8.4.0 #32

merged 1 commit into from
Jun 19, 2024

Conversation

stvoutsin
Copy link
Member

Jira issue description:

The mysql-connector-java version in the lsst-tap-service appears to be 8.0.13, which dates from 2018 (and is listed as having three direct vulnerabilities, but which are not that severe: CVE-2022-21363, CVE-2021-2471, CVE-2019-2692).

We should try updating to at least 8.0.33 or possibly mysql-connector-j 8.4.0, which appears to be the most recent available.

Among other things, this should enable us to use TLS 1.3, which is a recommended mitigation for having Qserv exposed to the Internet.

Jira issue: https://rubinobs.atlassian.net/browse/DM-44885

@stvoutsin stvoutsin merged commit 3efea2a into master Jun 19, 2024
1 check passed
@stvoutsin stvoutsin deleted the tickets/DM-44885 branch June 19, 2024 01:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@stvoutsin