[jira] [Commented] (HADOOP-19315) Bump avro from 1.9.2 to 1.11.4

Wed, 23 Oct 2024 05:25:30 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-19315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892133#comment-17892133
 ] 

ASF GitHub Bot commented on HADOOP-19315:
-----------------------------------------

dom93dd opened a new pull request, #7128:
URL: https://github.com/apache/hadoop/pull/7128

   ### Description of PR
   
   Bumped avro version from 1.9.2 to 1.11.4 and adjusted some parts where still 
member variables instead of getter/setter methods where used (avro made member 
variables private).
   
   ### How was this patch tested?
   run mvn clean install javadoc:javadoc checkstyle:checkstyle
   
   ### For code changes:
   
   - [ x] Does the title or this PR starts with the corresponding JIRA issue id 
(e.g. 'HADOOP-17799. Your PR title ...')?
   - [ ] Object storage: have the integration tests been executed and the 
endpoint declared according to the connector-specific documentation?
   - [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
   - [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, 
`NOTICE-binary` files?
   
   




> Bump avro from 1.9.2 to 1.11.4
> ------------------------------
>
>                 Key: HADOOP-19315
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19315
>             Project: Hadoop Common
>          Issue Type: Task
>    Affects Versions: 3.4.0
>            Reporter: Dominik Diedrich
>            Priority: Major
>             Fix For: 3.4.1
>
>
> We should bump the avro version in the hadoop-project pom.xml from 1.9.2 to 
> 1.11.4 in order to fix following CVE's:
> * 
> [CVE-2024-47561|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561]
> * 
> [CVE-2023-39410|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410]
> I already fixed it locally and can create a PR for that.
> A few classes need to be adjusted, because avro introduced new getter, setter 
> methods for some member variables which are now private.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to