Hi guys, Avro 1.11.3 has been released, fixing CVE-2023-39410. We already updated to Avro 1.11.3 on main.
About CVE, we also already use guava 32.1.3, fixing CVE-2023-2976. As the Avro CVE is classified high (see https://nvd.nist.gov/vuln/detail/CVE-2023-39410), I propose to bump to Avro 1.11.3 on our 1.4.x branch and release Iceberg 1.4.3 including this. Thoughts ? If there are no objections, I'm volunteer to drive this release. Thanks, Regards JB
