This is an automated email from the ASF dual-hosted git repository.
martijnvisser pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/master by this push:
new a58a35e2b1a [FLINK-33238][Formats/Avro] Upgrade AVRO dependency to
1.11.3. This closes #23508
a58a35e2b1a is described below
commit a58a35e2b1abda28ae7d884a433ca26624c7a4c4
Author: MartijnVisser <[email protected]>
AuthorDate: Fri Oct 20 12:56:21 2023 +0200
[FLINK-33238][Formats/Avro] Upgrade AVRO dependency to 1.11.3. This closes
#23508
Upgrade AVRO dependency to 1.11.3 to mitigate scanners flagging Flink as
vulnerable for CVE-2023-39410
This also solves the problem where Union types are not inheriting type
conversions
Co-authored-by: AndreiLeib <[email protected]>
---
.../flink/formats/avro/RegistryAvroDeserializationSchemaTest.java | 2 +-
.../src/main/resources/META-INF/NOTICE | 2 +-
flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE | 2 +-
pom.xml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git
a/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java
b/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java
index c11c4bfb6b6..424e44817ee 100644
---
a/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java
+++
b/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java
@@ -85,7 +85,7 @@ class RegistryAvroDeserializationSchemaTest {
+ " \"fields\": [\n"
+ " {\"name\": \"name\", \"type\":
\"string\"}"
+ " ]\n"
- + "}]");
+ + "}");
RegistryAvroDeserializationSchema<SimpleRecord> deserializer =
new RegistryAvroDeserializationSchema<>(
SimpleRecord.class,
diff --git
a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
index dd601b9119f..f4fd1a6308d 100644
---
a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
+++
b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE
@@ -13,7 +13,7 @@ This project bundles the following dependencies under the
Apache Software Licens
- io.confluent:common-config:7.2.2
- io.confluent:common-utils:7.2.2
- io.confluent:kafka-schema-registry-client:7.2.2
-- org.apache.avro:avro:1.11.1
+- org.apache.avro:avro:1.11.3
- org.apache.commons:commons-compress:1.21
- org.apache.kafka:kafka-clients:7.2.2-ccs
- org.glassfish.jersey.core:jersey-common:2.30
diff --git a/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
b/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
index 21f85619d82..4cf05a46b4a 100644
--- a/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
+++ b/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE
@@ -6,7 +6,7 @@ The Apache Software Foundation (http://www.apache.org/).
This project bundles the following dependencies under the Apache Software
License 2.0. (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- org.apache.avro:avro:1.11.1
+- org.apache.avro:avro:1.11.3
- com.fasterxml.jackson.core:jackson-core:2.14.3
- com.fasterxml.jackson.core:jackson-databind:2.14.3
- com.fasterxml.jackson.core:jackson-annotations:2.14.3
diff --git a/pom.xml b/pom.xml
index 01536764538..8a9c3f0e3a5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -144,7 +144,7 @@ under the License.
<!-- Project `flink-benchmarks` uses zk testing server in
`curator-test` for performance
benchmark, please confirm it will not affect the benchmarks
when the version is bumped. -->
<curator.version>5.4.0</curator.version>
- <avro.version>1.11.1</avro.version>
+ <avro.version>1.11.3</avro.version>
<!-- Version for transitive Jackson dependencies that are not
used within Flink itself.-->
<jackson-bom.version>2.14.3</jackson-bom.version>
<javax.activation.api.version>1.2.0</javax.activation.api.version>
