[
https://issues.apache.org/jira/browse/AVRO-3213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17447453#comment-17447453
]
Rajiv Bandi edited comment on AVRO-3213 at 11/22/21, 2:56 PM:
--------------------------------------------------------------
This has got fixed with 1.11.0.
Updates are tagged to AVRO-3215
--------------
Not sure why this was not picked up.
I am new here.
Please let me know what I missed in the process to get the right attention.
Thank you
Rajiv
was (Author: rajivbandi):
This has got fixed with 1.11.0.
Updates are tagged to AVRO-3215
--------------
Not sure why this was not picked up.
I am new here. Please let me know if I did not put the right tags.
> Update commons-compress to version 1.21
> ---------------------------------------
>
> Key: AVRO-3213
> URL: https://issues.apache.org/jira/browse/AVRO-3213
> Project: Apache Avro
> Issue Type: Improvement
> Components: dependencies, java
> Affects Versions: 1.10.0, 1.10.1, 1.10.2
> Reporter: Rajiv Bandi
> Priority: Major
> Labels: security
> Fix For: 1.11.0
>
>
> Please upgrade Apache Commons Compress to version 1.21 as current version in
> avro v1.10.x (commons-compress v1.20) has 4 High vulnerabilities
> [CVE-2021-35515|https://github.com/advisories/GHSA-7hfm-57qf-j43q],
> [CVE-2021-35516|https://github.com/advisories/GHSA-crv7-7245-f45f],
> [CVE-2021-35517|https://github.com/advisories/GHSA-xqfj-vm6h-2x34] and
> [CVE-2021-36090|https://github.com/advisories/GHSA-mc84-pj99-q6hh]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
