diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
index a1cab1e..85acb98 100644
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -8,7 +8,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
- python-version: [3.9]
+ python-version: [3.11]
steps:
- name: Checkout target
diff --git a/README.md b/README.md
index 6e859bb..899ba56 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ The recommended way to use this library is to consume it from maven central whil
software.amazon.msk
aws-msk-iam-auth
- 2.3.4
+ 2.3.5
```
If you want to use it with a pre-existing Kafka client, you could build the uber jar and place it in the Kafka client's
@@ -532,6 +532,10 @@ public static String UriEncode(CharSequence input, boolean encodeSlash) {
## Release Notes
+### Release 2.3.5
+- Upgrade AWS SDK version to address CVE-2025-58056 and CVE-2025-58057
+- Updated dependencies to address build issues. It's now recommended to build the package using Gradle 8.0+ and JDK 17+.
+
### Release 2.3.4
- Skip credential providers chain
diff --git a/build.gradle b/build.gradle
index 4eebbca..64646c9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,14 +1,16 @@
plugins {
id 'java-library'
- id "io.freefair.lombok" version "5.3.0"
- id 'com.github.johnrengelman.shadow' version '6.1.0'
+ id "io.freefair.lombok" version "6.6.3"
+ id 'com.github.johnrengelman.shadow' version '8.1.1'
id 'maven-publish'
+ id 'io.github.gradle-nexus.publish-plugin' version '1.1.0'
id 'signing'
id 'org.owasp.dependencycheck' version '7.1.0.1'
}
-sourceCompatibility = 1.8
+sourceCompatibility = 17
+targetCompatibility = 17
repositories {
mavenCentral()
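Review bot: `targetCompatibility = 17` raises the class-file level of the published artifact, so clients still running Java 8 or 11 (the previous `sourceCompatibility = 1.8` baseline) can no longer load this release and cannot pick up the SDK upgrade for the CVEs named in the release notes. The README change only says JDK 17+ is recommended for building; if that is the intent, keep the build JDK at 17 and compile for the old baseline, for example `tasks.withType(JavaCompile).configureEach { options.release = 8 }`, or state the new runtime minimum in the release notes. Separately, `org.owasp.dependencycheck` stays at `7.1.0.1` in this plugins block; releases that old predate the NVD API data source, so it is worth confirming the vulnerability scan still refreshes its data under the new Gradle version.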
@@ -43,7 +45,7 @@ group "software.amazon.msk"
dependencies {
compileOnly('org.apache.kafka:kafka-clients:2.8.1')
// aws sdk imports.
- implementation(platform('software.amazon.awssdk:bom:2.32.26'))
+ implementation(platform('software.amazon.awssdk:bom:2.36.3'))
implementation('software.amazon.awssdk:auth')
implementation('software.amazon.awssdk:sso')
implementation('software.amazon.awssdk:ssooidc')
@@ -57,66 +59,25 @@ dependencies {
testImplementation('org.apache.kafka:kafka-clients:2.2.1')
testImplementation('org.junit.jupiter:junit-jupiter-api:5.7.0')
testImplementation('org.apache.commons:commons-lang3:3.11')
- testImplementation('org.mockito:mockito-inline:3.6.0')
+ testImplementation('org.mockito:mockito-inline:5.0.0')
testRuntimeOnly('org.junit.jupiter:junit-jupiter-engine:5.7.0')
testRuntimeOnly('org.apache.logging.log4j:log4j-core:2.17.1')
testRuntimeOnly('org.apache.logging.log4j:log4j-slf4j-impl:2.17.1')
}
-import com.github.jengelman.gradle.plugins.shadow.tasks.ConfigureShadowRelocation
shadowJar {
//We remove org.slf4j from the configuration as it gets included transitively by multiple dependencies and just
//removing it from the configuration being shadowed is not sufficient.
configurations = [project.configurations.runtimeClasspath.exclude([group: "org.slf4j", module: "slf4j-api"])]
exclude 'META-INF/versions/17/', 'META-INF/versions/21/', 'META-INF/versions/22/'
-}
-
-
-import java.util.jar.JarFile
-class FilteredConfigureShadowRelocation extends ConfigureShadowRelocation {
-
- @Input
- Set relocationFilterPrefix
-
- @TaskAction
- void configureRelocation() {
- def packages = [] as Set
- configurations.each { configuration ->
- configuration.files.each { jar ->
- JarFile jf = new JarFile(jar)
- jf.entries().each { entry ->
- if (entry.name.endsWith(".class")) {
- packages << entry.name[0..entry.name.lastIndexOf('/')-1].replaceAll('/', '.')
- }
- }
- jf.close()
- }
- }
- packages.each { pkg ->
- def shouldRelocate = true
- relocationFilterPrefix.each { prefix ->
- if (pkg.startsWith(prefix)) {
- shouldRelocate = false
- }
- }
- if (shouldRelocate) {
- target.relocate(pkg, "${prefix}.${pkg}")
- }
- }
-
- }
+ relocate 'com.fasterxml.jackson', 'aws_msk_iam_auth_shadow.com.fasterxml.jackson'
+ relocate 'com.h2database', 'aws_msk_iam_auth_shadow.com.h2database'
}
-task relocateShadowJar(type: FilteredConfigureShadowRelocation) {
- target = tasks.shadowJar
- prefix = "aws_msk_iam_auth_shadow"
- relocationFilterPrefix = ["org.slf4j", "software.amazon.awssdk"]
-}
-tasks.shadowJar.dependsOn tasks.relocateShadowJar
test {
useJUnitPlatform {
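Review bot: The two `relocate` lines replace a task that relocated every bundled package except `org.slf4j` and `software.amazon.awssdk`, so every other third-party package in the uber jar now ships under its original name. Which transitive packages that covers is not visible in this hunk, but any that overlap with jars already on the Kafka client's classpath will be resolved by classpath order, and an older copy on the host could be loaded in place of the version this release upgrades to. Shadow's `relocate` also matches package names rather than Maven group ids, and H2's classes live under `org.h2`, so `relocate 'com.h2database', ...` probably matches nothing; if H2 is really bundled it would need `relocate 'org.h2', 'aws_msk_iam_auth_shadow.org.h2'`. Listing the packages in the built jar and adding a relocation (or a comment explaining the exemption) for each would keep the previous isolation. The `test` block continues outside the hunk.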
@@ -160,8 +121,8 @@ publishing {
repositories {
maven {
- name = "sonatype-staging"
- url "https://aws.oss.sonatype.org/service/local/staging/deploy/maven2"
+ name = "sonatype-staging-api"
+ url "https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2/"
credentials {
username project.hasProperty('ossrhUsername') ? project.property('ossrhUsername') : ""
password project.hasProperty('ossrhPassword') ? project.property('ossrhPassword') : ""
@@ -170,6 +131,16 @@ publishing {
}
}
+
+nexusPublishing {
+ repositories {
+ sonatype {
+ nexusUrl.set(uri("https://ossrh-staging-api.central.sonatype.com/service/local/"))
+ username = project.findProperty("ossrhUsername") ?: ""
+ password = project.findProperty("ossrhPassword") ?: ""
+ }
+ }
+}
signing {
def signingKey = project.hasProperty('signingKey') ? project.property('signingKey') : ""
def signingPassword = project.hasProperty('signingPassword') ? project.property('signingPassword') : ""
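Review bot: Both `username` and `password` in the new `nexusPublishing` block fall back to `""`, so a release run that is missing `ossrhUsername`/`ossrhPassword` proceeds with empty credentials and fails only at upload with an authentication error. The `maven` repository in the `publishing` block above points at the same staging host with the same properties, and nothing in the file says which of the two routes is the supported release path. I would add a comment above the block, e.g. `// Release path: publishToSonatype closeAndReleaseSonatypeStagingRepository; credentials come from -PossrhUsername/-PossrhPassword, never from a committed gradle.properties`, and drop the fallback so a missing property is reported by name. The `signing` block continues outside the hunk.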
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 12d38de..a595206 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.6.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
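Review bot: The wrapper now downloads `gradle-8.5-bin.zip`, but none of the lines visible in this hunk is a `distributionSha256Sum` entry (the file may continue past the hunk), so the distribution that runs every build does not appear to be integrity-checked after download. Adding `distributionSha256Sum=<SHA-256 of gradle-8.5-bin.zip, taken from the Gradle release checksums page>` next to `distributionUrl` makes the wrapper reject a tampered or substituted archive. The value has to be updated together with the URL on each future bump.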
diff --git a/src/main/resources/version.properties b/src/main/resources/version.properties
index 6cf0ff6..5d037ae 100644
--- a/src/main/resources/version.properties
+++ b/src/main/resources/version.properties
@@ -1,3 +1,3 @@
-#Updated on 2025-10-01T15:30:00Z
+#Updated on 2025-10-29T16:45:00Z
platform=java
-version=2.3.4
+version=2.3.5