Hello Hadoop Devs-- I have a question about the hadoop-thirdparty repository.
Recent commits have addressed a couple CVEs for packages used in hadoop-thirdparty. CVE-2023-39410 for avro was addressed by https://github.com/apache/hadoop-thirdparty/commit/910f2c9 and CVE-2023-2976 for guava was addressed by https://github.com/apache/hadoop-thirdparty/commit/52c38fe. I also saw that a similar update for guava is being proposed for Hadoop Common via HADOOP-19005. Is there a possibility of a 1.1.2 release being cut for hadoop-thirdparty to get these fixes released? Thanks for your time, Dan Huff
