druid icon indicating copy to clipboard operation
druid copied to clipboard
verified publisher icon apache

[Security Fix] Upgrade mysql connector to 8.2.0

Open mustajibmk opened this issue 2 years ago • 3 comments

Description

Upgrade MySql connector to 8.2.0 to fix security vulnerabilities.

Release note

Key changed/added classes in this PR
  • Upgrade version
  • Replace deprecated classes with the new ones - https://dev.mysql.com/doc/connectors/en/connector-j-upgrading-to-8.0.html
  • The upgraded version of MySQL connector does not have the parseURL method in com.mysql.jdbc.NonRegisteringDriver previously used. Instead, we use the com.mysql.cj.conf.ConnectionUrlParser which only checks if the schema of the string matches the prescribed format. The test cases related to string parsing are hence removed.

This PR has:

  • [x] been self-reviewed.

mustajibmk avatar Nov 21 '23 06:11 mustajibmk

@mustajibmk are you still working on this, i have similar work: https://github.com/apache/druid/pull/16024#issuecomment-1976131021, my bad, i did not know you have already work on this. if you do not work on this any more, i can continue to work on this base on my pr. cc @abhishekagarwal87 and @cryptoe

AlbericByte avatar Mar 04 '24 19:03 AlbericByte

@abhishekagarwal87 and @cryptoe may i continue to work on this, seems there is no response from 3 months ago. and i have a similar pr : https://github.com/apache/druid/pull/16024#issuecomment-1976131021 cc:@mustajibmk

AlbericByte avatar Mar 14 '24 20:03 AlbericByte

Go ahead please

On Fri, 15 Mar 2024 at 2:29 AM, AlbericByte @.***> wrote:

@abhishekagarwal87 https://github.com/abhishekagarwal87 and @cryptoe https://github.com/cryptoe may i continue to work on this, seems there is no response from 3 months ago. and i have a similar pr : #16024 (comment) https://github.com/apache/druid/pull/16024#issuecomment-1976131021 @.*** https://github.com/mustajibmk

— Reply to this email directly, view it on GitHub https://github.com/apache/druid/pull/15408#issuecomment-1998474403, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALIWUJJQDD2KKH4PB7ITJTYYIFUBAVCNFSM6AAAAAA7UBROZGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOJYGQ3TINBQGM . You are receiving this because you were mentioned.Message ID: @.***>

abhishekagarwal87 avatar Mar 16 '24 12:03 abhishekagarwal87

@AlbericByte let's continue

FrankChen021 avatar Apr 14 '24 14:04 FrankChen021

@abhishekagarwal87 Let's shift to #16024 since @AlbericByte has also finished the work and I see all the CI checks are green.

Still thanks the work from @mustajibmk

FrankChen021 avatar Apr 19 '24 07:04 FrankChen021