[jira] [Created] (HADOOP-19315) Bump avro from 1.9.2 to 1.11.4

Dominik Diedrich (Jira) Tue, 22 Oct 2024 08:22:08 -0700

Dominik Diedrich created HADOOP-19315:
-----------------------------------------


             Summary: Bump avro from 1.9.2 to 1.11.4
                 Key: HADOOP-19315
                 URL: https://issues.apache.org/jira/browse/HADOOP-19315
             Project: Hadoop Common
          Issue Type: Task
    Affects Versions: 3.4.0
            Reporter: Dominik Diedrich
             Fix For: 3.4.1


We should bump the avro version in the hadoop-project pom.xml from 1.9.2 to 
1.11.4 in order to fix following CVE's:

* [CVE-2024-47561|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561]
* [CVE-2023-39410|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410]

I already fixed it locally and can create a PR for that.
A few classes need to be adjusted, because avro introduced new getter, setter 
methods for some member variables which are now private.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-19315) Bump avro from 1.9.2 to 1.11.4

Reply via email to