hudi-bot opened a new issue, #16946:
URL: https://github.com/apache/hudi/issues/16946

   
[https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/]
 
   
    
   
   This impacts the parquet version used in hudi bundles. 
   
   Vulnerability has been fixed in org.apache.parquet:parquet-avro version 1.15.1. 
   
    
   
   ## JIRA info
   
   - Link: https://issues.apache.org/jira/browse/HUDI-9265
   - Type: Improvement
   - Fix version(s):
     - 1.1.0
   - Attachment(s):
     - 07/Apr/25 22:56;shivnarayan;image-2025-04-07-15-56-52-710.png;https://issues.apache.org/jira/secure/attachment/13075853/image-2025-04-07-15-56-52-710.png
   
   
   ---
   
   
   ## Comments
   
   07/Apr/25 23:04;shivnarayan;We do pull in the parquet-avro library w/ "compile" scope in most of our bundles. 
   
    
   
   
   Including the spark, utilities and flink library which are used for writing. 
   
    
   
   Exact versions used: 
   
   spark3 -> 1.13.1 
   
   spark3.3 -> 1.12.2
   
   spark3.4 -> 1.12.3
   
   spark3.5 -> 1.13.1
   
   flink 1.20, 1.19, 1.18 -> 1.13.1
   
   flink 1.17, 1.16, 1.15 -> 1.12.2
   
   flink 1.14 -> 1.11.1
   
    
   

