I am happy to announce the release of Debezium 1.9.0.Beta1!
This release includes many new features for Debezium Server, including Knative Eventing support and offset storage management with the Redis sink, multi-partitioned scaling for the SQL Server connector, and various of bugfixes and improvements. Overall, 56 issues have been fixed for this release.
Let’s take a closer look at a couple of them.
It’s my pleasure to announce the second release of the Debezium 1.9 series, 1.9.0.Alpha2!
This release includes support for Oracle 21c, improvements around Redis for Debezium Server, configuring the
kafka.query.timeout.ms option, and a number of bug fixes around DDL parsers, build infrastructure, etc.
Overall, the community fixed 51 issues for this release. Let’s take a closer look at some of the highlights.
It’s my pleasure to announce the first release of the Debezium 1.9 series, 1.9.0.Alpha1!
With the new year comes a new release! The Debezium 1.9.0.Alpha1 release comes with quite a number of fixes and improvements, most notably improved metrics and Oracle ROWID data type support.
It’s my great pleasure to announce the release of Debezium 1.8.0.Final!
Besides a strong focus on the Debezium connector for MongoDB (more on that below), the 1.8 release brings support for Postgres' logical decoding messages, support for configuring SMTs and topic creation settings in the Debezium UI, and much more.
Overall, the community has fixed 242 issues for this release. A big thank you to everyone who helped to make this release happen on time, sticking to our quarterly release cadence!
TL,DR: Debezium is NOT affected by the recently disclosed remote code execution vulnerability in log4j2 (CVE-2021-44228); The log4j-1.2.17.jar shipped in Debezium’s container images contains a class
JMSAppender, which is subject to a MODERATE vulnerability (CVE-2021-4104). This appender is NOT used by default, i.e. access to log4j’s configuration is required in order to exploit this CVE. As a measure of caution, we have decided to remove the
JMSAppender class from Debezium’s container images as of version 1.7.2.Final, released today.
On Dec 10th, a remote code execution vulnerability in the widely used log4j2 library was published (CVE-2021-44228). Debezium, just like Apache Kafka and Kafka Connect, does not use log4j2 and therefore is NOT affected by this CVE.