[
https://issues.apache.org/jira/browse/FLINK-39283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated FLINK-39283:
-----------------------------------
Labels: pull-request-available (was: )
> Upgrade org.apache.avro:avro to 1.12.1
> --------------------------------------
>
> Key: FLINK-39283
> URL: https://issues.apache.org/jira/browse/FLINK-39283
> Project: Flink
> Issue Type: Technical Debt
> Components: Formats (JSON, Avro, Parquet, ORC, SequenceFile)
> Reporter: Sergey Nuyanzin
> Assignee: Sergey Nuyanzin
> Priority: Major
> Labels: pull-request-available
>
> {quote}
> Security Fixes
> This release addresses 4 security fixes:
> Prevent class with empty Java package being trusted by
> SpecificDatumReader (#3311)
> Remove the default serializable packages and deprecated the property to
> introduce org.apache.avro.SERIALIZABLE_CLASSES instead (#3376)
> java-[key-]class allowed packages must be packages (#3453)
> AVRO-4053: doc consistency in velocity templates (#3150)
> {quote}
> source https://avro.apache.org/blog/2025/10/16/avro-1.12.1/
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
