Thanks. Is there a specific commit to cherrypick to fix this issue? On Tue, 1 Apr 2025 at 03:03, Gang Wu <gan...@apache.org> wrote:
> Affected versions: > > - Apache Parquet Java through 1.15.0 > > Description: > > Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and > previous versions allows bad actors to execute arbitrary code > > > Users are recommended to upgrade to version 1.15.1, which fixes the issue. > > Credit: > > Keyi Li (Amazon) (finder) > > References: > > https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 > https://parquet.apache.org/ > https://www.cve.org/CVERecord?id=CVE-2025-30065 > >
