From 8d9a8e26780f7a27231008ff2691f7ad78f08c7e Mon Sep 17 00:00:00 2001
From: Piotr Pauksztelo
Date: Fri, 25 Oct 2024 14:18:26 +0200
Subject: [PATCH 1/4] Update import for MySQL connector
---
 logprep/processor/generic_adder/mysql_connector.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/logprep/processor/generic_adder/mysql_connector.py b/logprep/processor/generic_adder/mysql_connector.py
index c212ea988..f425996a8 100644
--- a/logprep/processor/generic_adder/mysql_connector.py
+++ b/logprep/processor/generic_adder/mysql_connector.py
@@ -33,7 +33,7 @@ class MySQLConnector:
 _last_table_checksum: Optional[int]
 """Checksum of the database table that was obtained on the last update check"""
- _cursor: mysql.connector.connection.CursorBase
+ _cursor: mysql.connector.connection.MySQLCursor
 def __init__(self, sql_config: dict):
 """Initialize the MySQLConnector.
From 77e7fcee0f423f36af661fecb082a6890cf9d8d2 Mon Sep 17 00:00:00 2001
From: Piotr Pauksztelo
Date: Fri, 25 Oct 2024 14:19:19 +0200
Subject: [PATCH 2/4] Unpin mysql-connector-python version
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 9e7468633..91ee931a3 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -67,7 +67,7 @@ dependencies = [
 "jsonref",
 "luqum",
 "more-itertools==8.10.0",
- "mysql-connector-python<9",
+ "mysql-connector-python",
 "numpy>=1.26.0",
 "opensearch-py",
 "prometheus_client",
From 1ab6e4dc82609ee76cf4505d9164d979504a63be Mon Sep 17 00:00:00 2001
From: ppcad <45867125+ppcad@users.noreply.github.com>
Date: Mon, 28 Oct 2024 06:48:21 +0100
Subject: [PATCH 3/4] Pin mysql-connector-python to >=9.1.0 for CVE-2024-21272
Co-authored-by: dtrai2 <95028228+dtrai2@users.noreply.github.com>
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 91ee931a3..09b735733 100644
--- a/pyproject.toml
+++ b/pyproject.toml
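Review bot: In patch 1/4 (`mysql_connector.py`), the new `_cursor` annotation still reaches the cursor class through `mysql.connector.connection`, a module that only imports that class for its own use. Unless the file defers annotation evaluation (its header is outside the hunk), a class-body annotation is evaluated when the module is imported, so a name that disappears from that namespace in a later connector release stops the whole processor from loading, which is presumably what happened to `CursorBase`. Pointing at the defining module, `_cursor: mysql.connector.cursor.MySQLCursor`, removes the dependence on that incidental re-export. If the connector's C extension is in use, the cursor object at runtime may be a `CMySQLCursor` rather than a `MySQLCursor`; how the cursor is created lies outside this hunk, so the annotation's accuracy should be confirmed there.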
@@ -67,7 +67,7 @@ dependencies = [
 "jsonref",
 "luqum",
 "more-itertools==8.10.0",
- "mysql-connector-python",
+ "mysql-connector-python>=9.1.0", # CVE-2024-21272
 "numpy>=1.26.0",
 "opensearch-py",
 "prometheus_client",
From 727945ef59725edc484f5238a36857b6b13951c7 Mon Sep 17 00:00:00 2001
From: Piotr Pauksztelo
Date: Mon, 28 Oct 2024 06:57:53 +0100
Subject: [PATCH 4/4] Update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b205ff0d7..76e3be40e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@
 * ensure `logprep.abc.Component.Config` is immutable and can be applied multiple times
 * remove lost callback reassign behavior from `kafka_input` connector
 * remove manual commit option from `kafka_input` connector
+* pin `mysql-connector-python` to >=9.1.0 to accommodate for CVE-2024-21272 and update `MySQLConnector` to work with the new version
 ## 13.1.2
 ### Bugfix
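Review bot: In patch 3/4 (`pyproject.toml`), the added constraint `"mysql-connector-python>=9.1.0", # CVE-2024-21272` sets a floor but leaves the range open upwards, even though this same series shows that moving to the 9.x line required a change in `MySQLConnector`. Consider `"mysql-connector-python>=9.1.0,<10",` so the next major release is adopted deliberately and not by whatever the resolver picks. The trailing comment names the CVE but not the intent; `# >=9.1.0 required for CVE-2024-21272; do not lower` would keep a later edit from relaxing the floor. The constraint only takes effect when dependencies are resolved again, so existing environments and any pinned requirement or lock files (none are visible in this patch) still need rebuilding before the older versions are actually gone.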