Databricks-jdbc and vulnerabilities CVE-2021-36090 CVE-2023-6378 CVE-2023-6481

Data Engineering

Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.

The latest version of Databricks-jdbc available through Maven (2.6.36) now has these three vulnerabilities:

https://www.cve.org/CVERecord?id=CVE-2021-36090
https://www.cve.org/CVERecord?id=CVE-2023-6378
https://www.cve.org/CVERecord?id=CVE-2023-6481

All due to depending on and including in the jar the older versions of the below jar dependencies

org.apache.commons:commons-compress@1.20
ch.qos.logback:logback-classic@1.2.3
ch.qos.logback:logback-core@1.2.3

Is there a possibility to have a new updated version of Databricks-jdbc that uses the latest of these dependent jars?

org.apache.commons:commons-compress@1.25
ch.qos.logback:logback-classic@1.2.13 or @1.4.14
ch.qos.logback:logback-core@1.2.13 or @1.4.14

0 REPLIES 0

never-displayed

You must be signed in to add attachments

never-displayed

Announcements

Insights from a global survey of 1,100 technologists and interviews with 28 CIOs

Data + AI Summit: Call for Presentations

Season's Speedings: Databricks SQL Delivers 4x Performance Boost Over Two Years

Now Hiring: Databricks Community Technical Moderator

Become Our Next Monthly Community Champion!

Databricks Community

Databricks-jdbc and vulnerabilities CVE-2021-36090 CVE-2023-6378 CVE-2023-6481

Connect with Databricks Users in Your Area

Insights from a global survey of 1,100 technologists and interviews with 28 CIOs

Data + AI Summit: Call for Presentations

Season's Speedings: Databricks SQL Delivers 4x Performance Boost Over Two Years

Now Hiring: Databricks Community Technical Moderator

Become Our Next Monthly Community Champion!