This is an automated email from the ASF dual-hosted git repository. xuba pushed a commit to branch fix-cve in repository https://gitbox.apache.org/repos/asf/amoro.git
commit bcc906ff846a735b46fb833312dd0a9200a9db0f Author: xuba <[email protected]> AuthorDate: Wed Apr 23 14:56:17 2025 +0800 Fix CVE-2025-30065 and CVE-2025-24970 --- amoro-common/pom.xml | 5 +++++ amoro-format-iceberg/pom.xml | 5 +++++ pom.xml | 11 +++++++++-- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/amoro-common/pom.xml b/amoro-common/pom.xml index 802854146..dbfe1719c 100644 --- a/amoro-common/pom.xml +++ b/amoro-common/pom.xml @@ -80,6 +80,11 @@ <artifactId>parquet-avro</artifactId> </dependency> + <dependency> + <groupId>org.apache.parquet</groupId> + <artifactId>parquet-jackson</artifactId> + </dependency> + <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-auth</artifactId> diff --git a/amoro-format-iceberg/pom.xml b/amoro-format-iceberg/pom.xml index 8a33392f6..c27d8bec7 100644 --- a/amoro-format-iceberg/pom.xml +++ b/amoro-format-iceberg/pom.xml @@ -134,6 +134,11 @@ <artifactId>parquet-avro</artifactId> </dependency> + <dependency> + <groupId>org.apache.parquet</groupId> + <artifactId>parquet-jackson</artifactId> + </dependency> + <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-auth</artifactId> diff --git a/pom.xml b/pom.xml index 2588ce409..02f9cfc30 100644 --- a/pom.xml +++ b/pom.xml @@ -117,7 +117,8 @@ <cglib.version>2.2.2</cglib.version> <curator.version>5.7.0</curator.version> <mockito.version>4.11.0</mockito.version> - <parquet-avro.version>1.13.1</parquet-avro.version> + <parquet-jackson.version>1.13.1</parquet-jackson.version> + <parquet-avro.version>1.15.1</parquet-avro.version> <mysql-jdbc.version>8.0.33</mysql-jdbc.version> <orc-core.version>1.8.3</orc-core.version> <awssdk.version>2.24.12</awssdk.version> @@ -131,7 +132,7 @@ <postgres-jdbc.version>42.7.2</postgres-jdbc.version> <derby-jdbc.version>10.14.2.0</derby-jdbc.version> <commons-dbcp2.version>2.9.0</commons-dbcp2.version> - <netty.version>4.1.86.Final</netty.version> + <netty.version>4.1.118.Final</netty.version> <javalin.version>4.6.8</javalin.version> <kyuubi-hive-jdbc-shaded.version>1.6.0-incubating</kyuubi-hive-jdbc-shaded.version> <rocksdb.version>7.10.2</rocksdb.version> @@ -372,6 +373,12 @@ <version>${parquet-avro.version}</version> </dependency> + <dependency> + <groupId>org.apache.parquet</groupId> + <artifactId>parquet-jackson</artifactId> + <version>${parquet-jackson.version}</version> + </dependency> + <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-auth</artifactId>
