This is an automated email from the ASF dual-hosted git repository.
abhishekrb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new b451264cec1 Fix CVE-2025-33042: Upgrade Apache Avro to 1.11.5 (#19103)
b451264cec1 is described below
commit b451264cec1285b6ea2fd42aea435b99ae992705
Author: Ashwin Tumma <[email protected]>
AuthorDate: Fri Mar 6 13:03:53 2026 -0800
Fix CVE-2025-33042: Upgrade Apache Avro to 1.11.5 (#19103)
Upgrades org.apache.avro from 1.11.4 to 1.11.5 to remediate CVE-2025-33042.
Co-authored-by: Ashwin Tumma <[email protected]>
---
licenses.yaml | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 8cf40efbc6b..d32056b3bad 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -3082,7 +3082,7 @@ name: Apache Avro
license_category: binary
module: extensions/druid-avro-extensions
license_name: Apache License version 2.0
-version: 1.11.4
+version: 1.11.5
libraries:
- org.apache.avro: avro
- org.apache.avro: avro-mapred
diff --git a/pom.xml b/pom.xml
index 019098b7413..d49bfd798c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -83,7 +83,7 @@
<gson.version>2.12.0</gson.version>
<scala.library.version>2.13.14</scala.library.version>
<avatica.version>1.27.0</avatica.version>
- <avro.version>1.11.4</avro.version>
+ <avro.version>1.11.5</avro.version>
<bytebuddy.version>1.18.3</bytebuddy.version>
<!--
The base calcite parser was copied into the project; when updating
Calcite run dev/upgrade-calcite-parser to adopt upstream changes
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
