Skip to content

MLE-23439 - Change the TLS settings to "TLS" to permit the JVM to choose the highest possible. #212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 8, 2025
Merged

MLE-23439 - Change the TLS settings to "TLS" to permit the JVM to choose the highest possible. #212

merged 1 commit into from
Aug 8, 2025

Conversation

@BillFarber
Copy link
Contributor

@BillFarber BillFarber commented Aug 8, 2025

Also, fixes a Polaris issue regarding the TransformerFactory.

This has been tested locally with the automated tests as well as manually.

@BillFarber
MLE-23439 - Change the TLS settings to "TLS" to permit the JVM to cho…
68e67b4 
…ose the highest possible.

Also, fixes a Polaris issue regarding the TransformerFactory.
@BillFarber BillFarber requested review from anu3990, Copilot, rjrudin and stevebio and removed request for anu3990, rjrudin and stevebio August 8, 2025 18:48
Copilot AI reviewed Aug 8, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR changes the default TLS version configuration from "TLSv1.2" to "TLS" to allow the JVM to automatically select the highest available TLS version, and adds security improvements to the TransformerFactory to prevent XML External Entity (XXE) injection vulnerabilities.

  • Updated TLS version default from "TLSv1.2" to "TLS" across configuration files and tests
  • Enhanced TransformerFactory security by implementing XXE prevention measures
  • Updated documentation to reflect the new TLS configuration behavior

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/main/java/com/marklogic/kafka/connect/MarkLogicConfig.java Changed default TLS version from "TLSv1.2" to "TLS"
src/main/java/com/marklogic/kafka/connect/DefaultDatabaseClientConfigBuilder.java Updated simple SSL configuration to use "TLS" protocol
src/main/java/com/marklogic/kafka/connect/source/XmlPlanInvoker.java Added secure TransformerFactory configuration with XXE prevention
src/test/java/com/marklogic/kafka/connect/BuildDatabaseClientConfigTest.java Updated test cases to use "TLS" instead of "TLSv1.2"
docs/configuring-the-connector.md Updated documentation to reflect new TLS default behavior
config/marklogic-source.properties Updated example configuration to use "TLS"
config/marklogic-sink.properties Updated example configuration to use "TLS"

@BillFarber BillFarber merged commit b14bfec into develop Aug 8, 2025
2 checks passed
@BillFarber BillFarber deleted the task/fixPolarisTlsIssue branch August 8, 2025 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rjrudin rjrudin rjrudin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@BillFarber @rjrudin