[
https://issues.apache.org/jira/browse/AVRO-3213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17447453#comment-17447453
]
Rajiv Bandi commented on AVRO-3213:
-----------------------------------
This has got fixed with 1.11.0.
Updates are tagged to AVRO-3215
--------------
Not sure why this was not picked up.
I am new here. Please let me know if I did not put the right tags.
> Update commons-compress to version 1.21
> ---------------------------------------
>
> Key: AVRO-3213
> URL: https://issues.apache.org/jira/browse/AVRO-3213
> Project: Apache Avro
> Issue Type: Improvement
> Components: dependencies, java
> Affects Versions: 1.10.0, 1.10.1, 1.10.2
> Reporter: Rajiv Bandi
> Priority: Major
> Labels: security
>
> Please upgrade Apache Commons Compress to version 1.21 as current version in
> avro v1.10.x (commons-compress v1.20) has 4 High vulnerabilities
> [CVE-2021-35515|https://github.com/advisories/GHSA-7hfm-57qf-j43q],
> [CVE-2021-35516|https://github.com/advisories/GHSA-crv7-7245-f45f],
> [CVE-2021-35517|https://github.com/advisories/GHSA-xqfj-vm6h-2x34] and
> [CVE-2021-36090|https://github.com/advisories/GHSA-mc84-pj99-q6hh]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
