This is an automated email from the ASF dual-hosted git repository.

abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/master by this push:
     new 7a8204db72c Upgrade Avro to 1.11.3 to address CVE-2023-39410 (#15419)
7a8204db72c is described below

commit 7a8204db72c82f1ce120b5d4fb316acd8b51e622
Author: Keerthana Srikanth <[email protected]>
AuthorDate: Tue Nov 28 14:09:48 2023 +0530

    Upgrade Avro to 1.11.3 to address CVE-2023-39410 (#15419)
---
 licenses.yaml                           | 2 +-
 owasp-dependency-check-suppressions.xml | 8 --------
 pom.xml                                 | 2 +-
 3 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/licenses.yaml b/licenses.yaml
index 5ad05d80c89..fc73348bbc0 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -3355,7 +3355,7 @@ name: Apache Avro
 license_category: binary
 module: extensions/druid-avro-extensions
 license_name: Apache License version 2.0
-version: 1.11.1
+version: 1.11.3
 libraries:
   - org.apache.avro: avro
   - org.apache.avro: avro-mapred
diff --git a/owasp-dependency-check-suppressions.xml 
b/owasp-dependency-check-suppressions.xml
index b551607063f..ab0f57c05b0 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -557,14 +557,6 @@
     <cve>CVE-2017-3162</cve>
   </suppress>
 
-  <suppress>
-    <!-- Suppress avro cves that are only applicable to .NET SDK-->
-    <notes><![CDATA[
-    file name: avro-1.9.2.jar or avro-ipc-jetty-1.9.2.jar
-    ]]></notes>
-    <cve>CVE-2021-43045</cve>
-  </suppress>
-
   <suppress>
     <!-- False alarm for the Async javascript library 
(https://github.com/caolan/async) which is a dev dependency for the web console 
-->
     <notes><![CDATA[
diff --git a/pom.xml b/pom.xml
index 9c242512278..63d675d2f23 100644
--- a/pom.xml
+++ b/pom.xml
@@ -81,7 +81,7 @@
         <apache.ranger.gson.version>2.2.4</apache.ranger.gson.version>
         <scala.library.version>2.13.11</scala.library.version>
         <avatica.version>1.23.0</avatica.version>
-        <avro.version>1.11.1</avro.version>
+        <avro.version>1.11.3</avro.version>
         <!-- When updating Calcite, also propagate updates to these files 
which we've copied and modified:
              default_config.fmpp
           -->

