Upload connector to Confluent Hub #183

Open
ddonaghy-c opened this issue Dec 14, 2023 · 1 comment

Comments

@ddonaghy-c

Hey all

Congratulations on your recent new release. I'm just reaching out to see if you are interested in uploading this connector to a listing on the Confluent Hub, as I work with connector listings to the hub. If you are interested in having a listing, I would advise that the current released version has two HIGH level CVEs present:

GHSA-xpw8-rcwv-8f8p
https://avd.aquasec.com/nvd/cve-2023-1370

and as such Confluent security policy does not allow the upload of Critical or High CVEs to the hub. If these can be remediated with fixes as outlined in the links above, or these vulnerabilities are signed off as a false positive or as valid but non-exploitable within the code, we can upload this for you.

If you have any questions, please let me know.
Confluent Integrations Team

@berndruecker
Collaborator

Hi @ddonaghy-c - thanks for reaching out proactively! Good to see the experience around the hub improved 👍

I am interested in updating our listing - and happy to tackle the CVE first. This is already patched in the zeebe-java-client 8.4.0-alpha, and we will see a release at the beginning of January. Once this is there I will update the dependency and do a new release, then the CVE should be gone (I also added the project to our internal Snyk scanning so I can check violations myself first). We can keep this issue open and use it for the update.

Quick question: Is there some way to see user data around the connector? The last time I asked I got a rough number checked manually by somebody - can I either get an update on it or probably some more in-depth data (ideally via email)?
