steveloughran commented on PR #7128:
URL: https://github.com/apache/hadoop/pull/7128#issuecomment-2462179001
Here's my draft Commit Message
We need to highlight it is not backwards compatibility, and include the CVEs
to make log scanning find them.
Does it seem good?
---
HADOOP-19315. Upgrade Apache Avro to 1.11.4
* All field access is now via setter/getter methods
* To use Avro to marshal Serializable objects,
the packages they are in must be declared in the system property
"org.apache.avro.SERIALIZABLE_PACKAGES"
This is required to address
- CVE-2024-47561
- CVE-2023-39410
This change is not backwards compatible.
Contributed by Dominik Diedrich
---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
