I did a search for AVRO security issues and found one for the .NET SDK at 
1.10.2 and earlier. I am wondering if security scans are going to flag that 
even though it shouldn’t apply to Java code.

I also see CVE-2019-17195 which doesn’t make a lot of sense to me. It looks 
like a transitive dependency has an issue and somehow a CVE was created for 
AVRO because the dependency was used in a Docker image. That should not apply 
to Flume.

I’ll try reverting the version and running another build.

Ralph

> On Aug 1, 2022, at 12:48 AM, Tristan Stevens <tris...@apache.org> wrote:
> 
> Hi all,
> Sean reported that the Twitter4j integration was failing last time, seemingly 
> because of an Avro bug. I suggest we roll Avro back to 1.7.7 for this release.
> 
> Sean - grateful for your thoughts as to how important this is.
> 
> Tristan
> 
> Get Outlook for Android<https://aka.ms/AAb9ysg>
> ________________________________
> From: Ralph Goers <ralph.go...@dslextreme.com>
> Sent: Monday, August 1, 2022 1:16:15 AM
> To: dev@flume.apache.org <dev@flume.apache.org>
> Cc: priv...@flume.apache.org <priv...@flume.apache.org>
> Subject: [VOTE] Release Apache Flume 1.10.1-RC1
> 
> This is a vote to release Flume 1.10.1, the next version of the Apache Flume 
> project.
> 
> Please download, test, and cast your votes on the Flume developers list.
> [] +1, release the artifacts
> [] -1, don't release because...
> 
> The vote will remain open for 72 hours. All votes are welcome and we 
> encourage everyone to test the release, but only Flume PMC votes are 
> “officially” counted. As always, at least 3 +1 votes and more positive than 
> negative votes are required.
> 
> Changes in this release can be found at 
> https://flume.staged.apache.org/releases/1.10.1.html.
> 
> Tag:
> a) for a new copy do "git clone https://github.com/apache/flume.git and then 
> "git checkout tags/flume-1.10.1-rc1” or just "git clone -b lflume-1.10.1-rc1 
> https://github.com/apache/flume.git";
> b) for an existing working copy to “git pull” and then “git checkout 
> tags/flume-1.10.1-rc1”
> 
> Web Site: https://flume.staged.apache.org/.
> 
> Maven Artifacts: 
> https://repository.apache.org/content/repositories/orgapacheflume-1036.
> 
> Distribution archives: https://dist.apache.org/repos/dist/dev/flume/
> 
> You may download all the Maven artifacts by executing:
> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate 
> https://repository.apache.org/content/repositories/orgapacheflume-1036/org/apache/flume/
> 
> Ralph

Reply via email to