Bug
Resolution: Done
Major
What Debezium connector do you use and what version?
main branch (latest code)
What is the connector configuration?
Not relevant, this is about a dependency version
What is the captured database version and mode of deployment?
Not relevant, this is about a dependency version
What behavior do you expect?
Use newer version of library to avoid potential vulnerability
What behavior do you see?
Potentially vulnerable version of protobuf is being used https://github.com/debezium/debezium/blob/8fc28666682c334edc49484d3e4eeffc41017f34/pom.xml#L163-L165
See description of vulnerability: https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
Do you see the same behaviour using the latest released Debezium version?
Yes
Do you have the connector logs, ideally from start till finish?
Not relevant
How to reproduce the issue using our tutorial deployment?
Use Snyk to scan dependencies in pom file
-------
Hello!
I'll create a PR with the upgrade. It should be enough to bump the patch version to 3.25.5, which seems to be safe.
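The check the report asks for (scan the pom for the protobuf-java version) and the floor the comment proposes (3.25.5), as an added example that is not Debezium's code or the Snyk tooling. It assumes the dependency is declared in a `<dependencyManagement>` block with its version in a `<properties>` entry; the pom below is constructed for the example, and the property name `version.protobuf` and the starting version 3.25.3 are assumptions, not values from the Debezium repository.

```python
"""Added example (not Debezium project code): scan a Maven pom.xml for
com.google.protobuf:protobuf-java and flag versions below a fixed floor.

Assumptions (not from the issue): the dependency is managed in
<dependencyManagement> with its version in a <properties> entry named
version.protobuf; the sample pom below is constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml: a version property and one managed dependency.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>sample</artifactId>
  <version>1.0</version>
  <properties>
    <version.protobuf>3.25.3</version.protobuf>
  </properties>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>com.google.protobuf</groupId>
        <artifactId>protobuf-java</artifactId>
        <version>${version.protobuf}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>
"""

POM_NS = "http://maven.apache.org/POM/4.0.0"
NS = {"m": POM_NS}
# Lowest protobuf-java patch release the comment on this issue proposes.
FIXED_VERSION = "3.25.5"


def parse_version(text):
    """Turn '3.25.5' into (3, 25, 5) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def resolve_property(pom_root, value):
    """Expand a single ${property} reference using the pom's <properties>."""
    m = re.fullmatch(r"\$\{([^}]+)\}", value.strip())
    if not m:
        return value.strip()
    props = pom_root.find("m:properties", NS)
    if props is not None:
        for child in props:
            if child.tag == f"{{{POM_NS}}}{m.group(1)}" and child.text:
                return child.text.strip()
    return value.strip()  # unresolved reference is returned as written


def find_dependency_versions(pom_text, group_id, artifact_id):
    """Return the resolved version of every matching <dependency> in the pom."""
    root = ET.fromstring(pom_text)
    versions = []
    for dep in root.iter(f"{{{POM_NS}}}dependency"):
        g = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        a = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        v = dep.findtext("m:version", default="", namespaces=NS)
        if g == group_id and a == artifact_id and v:
            versions.append(resolve_property(root, v))
    return versions


def vulnerable_versions(pom_text, floor=FIXED_VERSION):
    """List protobuf-java versions in the pom that are below the fixed floor."""
    found = find_dependency_versions(pom_text, "com.google.protobuf", "protobuf-java")
    return [v for v in found if parse_version(v) < parse_version(floor)]


if __name__ == "__main__":
    for v in vulnerable_versions(SAMPLE_POM):
        print(f"protobuf-java {v} is below {FIXED_VERSION}; bump the patch version")
```

This only inspects versions declared directly in the pom; protobuf-java pulled in transitively by another artifact would not appear here, so pair the check with `mvn dependency:tree -Dincludes=com.google.protobuf` (a real maven-dependency-plugin option) or a scanner such as Snyk, as the report suggests.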