sumi-mathew opened a new pull request, #13332: URL: https://github.com/apache/hudi/pull/13332
### Change Logs

The last published [hudi-presto-bundle, 1.0.2](https://mvnrepository.com/artifact/org.apache.hudi/hudi-presto-bundle/1.0.2), is using parquet-avro version 1.13.1. This unfortunately has two rather bothersome CVEs:

- [CVE-2025-46762](https://github.com/advisories/GHSA-53wx-pr6q-m3j5), score 7.1/10 - Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata
- [CVE-2025-30065](https://github.com/advisories/GHSA-2c59-37c4-qrx5), score 10/10 - Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution

Upgrading to parquet-avro 1.15.2 should fix these.

### Impact

_Describe any public API or user-facing feature change or any performance impact._

### Risk level (write none, low medium or high below)

_If medium or high, explain what verification was done to mitigate the risks._

### Documentation Update

_Describe any necessary documentation update if there is any new feature, config, or user-facing change. If not, put "none"._

- _The config description must be updated if new configs are added or the default value of the configs are changed_
- _Any new feature or user-facing change requires updating the Hudi website. Please create a Jira ticket, attach the ticket number here and follow the [instruction](https://hudi.apache.org/contribute/developer-setup#website) to make changes to the website._

### Contributor's checklist

- [ ] Read through [contributor's guide](https://hudi.apache.org/contribute/how-to-contribute)
- [ ] Change Logs and Impact were stated clearly
- [ ] Adequate tests were added if applicable
- [ ] CI passed

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
