Type: Bug
Resolution: Done
Priority: Major
The PostgreSQL JDBC driver version the connector uses, 42.5.0, is affected by CVE-2022-41946: when a `PreparedStatement` is executed with an `InputStream` parameter larger than 2k, the driver spools the stream to a temporary file, and on Unix-like systems that temporary file is readable by other users.
Recommended fix: Update pom.xml file and upgrade postgres.driver dependency to 42.6.0.
https://github.com/debezium/debezium/blob/a386df3898e3c75be37db4661d10f8b2408edd80/pom.xml#L121
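As an added example (not Debezium's code), the following script performs the dependency check implied by the recommended fix: it parses a Maven pom.xml, resolves the org.postgresql:postgresql driver version (including the common case where the version is pinned through a `<properties>` entry), and flags anything older than the 42.6.0 version the report recommends. The embedded pom is a constructed sample, not Debezium's real pom.xml, and the property name `version.postgresql.driver` in it is an assumption.

```python
"""Flag a Maven pom.xml that pins the PostgreSQL JDBC driver to a version
older than the one recommended for CVE-2022-41946.
Added example; not Debezium's code."""
import re
import xml.etree.ElementTree as ET

MAVEN_NS = "http://maven.apache.org/POM/4.0.0"
# Minimum version the bug report recommends upgrading to (adjust to the advisory as needed).
RECOMMENDED_MIN = (42, 6, 0)

# Constructed sample pom (not Debezium's real pom.xml). The driver version is
# pinned through a property, the usual layout in multi-module builds; the
# property name is an assumption for this example.
VULNERABLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>connector</artifactId>
  <version>1.0</version>
  <properties>
    <version.postgresql.driver>42.5.0</version.postgresql.driver>
  </properties>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <version>${version.postgresql.driver}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>
"""

# Same sample after applying the recommended fix.
FIXED_POM = VULNERABLE_POM.replace("42.5.0", "42.6.0")


def parse_version(text):
    """Turn '42.5.0' (or '42.5.0.jre7') into a comparable tuple of ints;
    parsing stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def resolve(value, props):
    """Expand ${prop} references using the pom's <properties> block;
    unknown properties are left as-is."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def find_postgres_driver_versions(pom_xml):
    """Return every resolved version string declared for org.postgresql:postgresql,
    whether in <dependencies> or <dependencyManagement>."""
    root = ET.fromstring(pom_xml)
    ns = {"m": MAVEN_NS}
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", ns)}
    versions = []
    for dep in root.iter(f"{{{MAVEN_NS}}}dependency"):
        gid = dep.findtext("m:groupId", default="", namespaces=ns).strip()
        aid = dep.findtext("m:artifactId", default="", namespaces=ns).strip()
        if (gid, aid) != ("org.postgresql", "postgresql"):
            continue
        ver = dep.findtext("m:version", default="", namespaces=ns).strip()
        if ver:
            versions.append(resolve(ver, props))
    return versions


def is_below_recommended(pom_xml, minimum=RECOMMENDED_MIN):
    """True if any declared driver version is older than the recommended minimum."""
    return any(parse_version(v) < minimum for v in find_postgres_driver_versions(pom_xml))


if __name__ == "__main__":
    for name, pom in (("vulnerable", VULNERABLE_POM), ("fixed", FIXED_POM)):
        print(name, find_postgres_driver_versions(pom),
              "needs upgrade:", is_below_recommended(pom))
```

Running it on a real build tree means reading each module's pom.xml and passing its contents to `is_below_recommended`; a pom that inherits the version from a parent pom will report no version of its own, so check the parent as well.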
Bug report
See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41946
What Debezium connector do you use and what version?
Latest: v2.3.0.Final
What is the connector configuration?
Same as sample within debezium github repo.
What is the captured database version and mode of deployment?
(E.g. on-premises, with a specific cloud provider, etc.)
on-premises postgres v14
What behaviour do you expect?
No temp file generated via InputStream when executing PreparedStatements.
What behaviour do you see?
Potential temp file generated via InputStream when executing PreparedStatements.
Do you see the same behaviour using the latest released Debezium version?
(Ideally, also verify with latest Alpha/Beta/CR version)
Yes Final version: v2.3.0.Final
Do you have the connector logs, ideally from start till finish?
(You might be asked later to provide DEBUG/TRACE level log)
No Logs.
How to reproduce the issue using our tutorial deployment?
Yes using tutorial.
Feature request or enhancement
For feature requests or enhancements, provide this information, please:
Which use case/requirement will be addressed by the proposed feature?
None, it's a vulnerability.
Implementation ideas (optional)
Same as the recommended fix above: update pom.xml and upgrade the postgres.driver dependency to 42.6.0.