This is an automated email from the ASF dual-hosted git repository.
danny0405 pushed a commit to branch branch-0.x
in repository https://gitbox.apache.org/repos/asf/hudi.git
The following commit(s) were added to refs/heads/branch-0.x by this push:
new 92c7cae7a3a [HUDI-8402] Fix for CVE-2023-39410 and CVE-2020-13956
(#12010)
92c7cae7a3a is described below
commit 92c7cae7a3a10efa32f6a85e8d1297030da537c9
Author: Deepak Mehra <[email protected]>
AuthorDate: Tue Oct 22 07:21:18 2024 +0530
[HUDI-8402] Fix for CVE-2023-39410 and CVE-2020-13956 (#12010)
---
pom.xml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index e9be5784688..abface1a359 100644
--- a/pom.xml
+++ b/pom.xml
@@ -136,6 +136,7 @@
<aws.sdk.httpclient.version>4.5.13</aws.sdk.httpclient.version>
<aws.sdk.httpcore.version>4.4.13</aws.sdk.httpcore.version>
<http.version>4.4.1</http.version>
+
<httpcomponents.httpclient.version>4.5.13</httpcomponents.httpclient.version>
<spark.version>${spark3.version}</spark.version>
<spark2.version>2.4.4</spark2.version>
<spark3.version>3.5.1</spark3.version>
@@ -175,7 +176,7 @@
(hudi.spark.common.modules.*) -->
<hudi.spark.common.modules.1>hudi-spark3-common</hudi.spark.common.modules.1>
<hudi.spark.common.modules.2>hudi-spark3.2plus-common</hudi.spark.common.modules.2>
- <avro.version>1.8.2</avro.version>
+ <avro.version>1.11.3</avro.version>
<bijection-avro.version>0.9.7</bijection-avro.version>
<caffeine.version>2.9.1</caffeine.version>
<commons.io.version>2.11.0</commons.io.version>
@@ -1195,7 +1196,7 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>${http.version}</version>
+ <version>${httpcomponents.httpclient.version}</version>
</dependency>
<!-- Hadoop -->
