pineapple-pokopo opened a new issue, #34968: URL: https://github.com/apache/beam/issues/34968
### What needs to happen?

The latest version of the [Java IO Google Cloud Platform Expansion Service](https://mvnrepository.com/artifact/org.apache.beam/beam-sdks-java-io-google-cloud-platform-expansion-service) contains an outdated version of Avro (1.11.3). It should be upgraded to 1.11.4 to fix CVE-2024-47561.

There is a related issue #33144 and PR #32770, but even the latest build on master still contains Avro 1.11.3: https://develocity.apache.org/s/htp5xqpbxo64m/dependencies?focusedDependency=WzE5LDQsMjE3MyxbMTksNCxbMTMxMSwyMTczXV1d&toggled=W1sxOV0sWzE5LDRdLFsxOSw0LFsxMzExXV1d

### Issue Priority

Priority: 2 (default / most normal work should be filed as P2)

### Issue Components

- [ ] Component: Python SDK
- [x] Component: Java SDK
- [ ] Component: Go SDK
- [ ] Component: Typescript SDK
- [ ] Component: IO connector
- [ ] Component: Beam YAML
- [ ] Component: Beam examples
- [ ] Component: Beam playground
- [ ] Component: Beam katas
- [ ] Component: Website
- [ ] Component: Infrastructure
- [ ] Component: Spark Runner
- [ ] Component: Flink Runner
- [ ] Component: Samza Runner
- [ ] Component: Twister2 Runner
- [ ] Component: Hazelcast Jet Runner
- [ ] Component: Google Cloud Dataflow Runner

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscr...@beam.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org