[
https://issues.apache.org/jira/browse/AVRO-3213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17447942#comment-17447942
]
Martin Tzvetanov Grigorov commented on AVRO-3213:
-------------------------------------------------
[~rajivbandi] As my comment at
https://issues.apache.org/jira/browse/AVRO-3215?focusedCommentId=17418481&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17418481
explains the problem has been fixed long before this ticket and AVRO-3215 have
been reported: [https://github.com/apache/avro/pull/1290#event-5030126207]
The "problem" with the PR was that there was no Jira issue for it
> Update commons-compress to version 1.21
> ---------------------------------------
>
> Key: AVRO-3213
> URL: https://issues.apache.org/jira/browse/AVRO-3213
> Project: Apache Avro
> Issue Type: Improvement
> Components: dependencies, java
> Affects Versions: 1.10.0, 1.10.1, 1.10.2
> Reporter: Rajiv Bandi
> Priority: Major
> Labels: security
> Fix For: 1.11.0
>
>
> Please upgrade Apache Commons Compress to version 1.21 as current version in
> avro v1.10.x (commons-compress v1.20) has 4 High vulnerabilities
> [CVE-2021-35515|https://github.com/advisories/GHSA-7hfm-57qf-j43q],
> [CVE-2021-35516|https://github.com/advisories/GHSA-crv7-7245-f45f],
> [CVE-2021-35517|https://github.com/advisories/GHSA-xqfj-vm6h-2x34] and
> [CVE-2021-36090|https://github.com/advisories/GHSA-mc84-pj99-q6hh]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
