Vulnerability - CVE-2023-6378 #744
Hello, there seems to be a vulnerability in the logback core dependency (/root/.venv/lib/python3.11/site-packages/connectorx/dependencies/j4rs-0.15.3-jar-with-dependencies.jar:ch.qos.logback:logback-core) which is being flagged by Docker Scout. Any suggestions on how to mitigate this or will there be an update to patch this? Any help/suggestions would be appreciated. Thanks!
Hi @shetty13,

Have you tried the latest release? Currently we should depend on j4rs 0.17 instead of 0.15 as you showed above. This jar file comes with the j4rs crate, and we can only update it through upgrading the version of j4rs in the cargo.toml file.

Why We Have This JAR File

This jar file is for query federation (e.g., issue a query that joins tables from multiple databases). Like the following example:

import connectorx as cx
db1 = "postgresql://username1:password1@server1:port1/database1"
db2 = "postgresql://username2:password2@server2:port2/database2"
cx.read_sql({"db1": db1, "db2": db2}, "SELECT * FROM db1.nation n, db2.region r where n.n_regionkey = r.r_regionkey")

This feature requires a query rewriter, which is a prototype implemented in Java (using Apache Calcite) and is currently experimental.
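One way to confirm which logback-core version an installed connectorx actually bundles, before and after upgrading (an added example, not part of the original thread or the connectorx project). It assumes the fat jar keeps Maven's `META-INF/maven/.../pom.properties` metadata; the sample jar and its version number are constructed.

```python
import io
import re
import zipfile

# Assumption: the jar-with-dependencies keeps each bundled artifact's Maven
# metadata at META-INF/maven/<groupId>/<artifactId>/pom.properties.
POM_PROPS = "META-INF/maven/{group}/{artifact}/pom.properties"


def bundled_version(jar, group, artifact):
    """Return the version of group:artifact recorded in the jar, or None."""
    with zipfile.ZipFile(jar) as zf:
        try:
            raw = zf.read(POM_PROPS.format(group=group, artifact=artifact))
        except KeyError:  # artifact not bundled, or metadata stripped
            return None
    for line in raw.decode("utf-8", "replace").splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip()
    return None


def version_tuple(version):
    """'1.2.13' -> (1, 2, 13), so 1.2.3 sorts below 1.2.13 (strings do not)."""
    nums = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        nums.append(int(match.group()) if match else 0)
    return tuple(nums)


def is_older_than(version, minimum_fixed):
    """minimum_fixed: fixed version for the same release line, per the advisory."""
    return version_tuple(version) < version_tuple(minimum_fixed)


def make_sample_jar(version):
    """Build a constructed in-memory jar holding only logback-core metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        path = POM_PROPS.format(group="ch.qos.logback", artifact="logback-core")
        zf.writestr(path, f"artifactId=logback-core\nversion={version}\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    jar = make_sample_jar("1.2.3")  # constructed version, not from the thread
    print(bundled_version(jar, "ch.qos.logback", "logback-core"))
```

Point `bundled_version` at the j4rs jar under your environment's `connectorx/dependencies/` directory, and take `minimum_fixed` from the CVE advisory for the release line you find.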