[jira] [Commented] (HADOOP-19315) Bump avro from 1.9.2 to 1.11.4

Dominik Diedrich (Jira) Wed, 23 Oct 2024 05:33:09 -0700


    [ 
https://issues.apache.org/jira/browse/HADOOP-19315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892137#comment-17892137
 ]


Dominik Diedrich commented on HADOOP-19315:
-------------------------------------------

*PR available:*
https://github.com/apache/hadoop/pull/7128

> Bump avro from 1.9.2 to 1.11.4
> ------------------------------
>
>                 Key: HADOOP-19315
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19315
>             Project: Hadoop Common
>          Issue Type: Task
>    Affects Versions: 3.4.0
>            Reporter: Dominik Diedrich
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.1
>
>
> We should bump the avro version in the hadoop-project pom.xml from 1.9.2 to 
> 1.11.4 in order to fix following CVE's:
> * 
> [CVE-2024-47561|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561]
> * 
> [CVE-2023-39410|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410]
> I already fixed it locally and can create a PR for that.
> A few classes need to be adjusted, because avro introduced new getter, setter 
> methods for some member variables which are now private.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-19315) Bump avro from 1.9.2 to 1.11.4

Reply via email to