abhilakshyadobhal opened a new pull request, #3333:
URL: https://github.com/apache/avro/pull/3333
<!--
*Thank you very much for contributing to Apache Avro - we are happy that you
want to help us improve Avro. To help the community review your contribution in
the best possible way, please go through the checklist below, which will get
the contribution into a shape in which it can be best reviewed.*
*Please understand that we do not do this to make contributions to Avro a
hassle. In order to uphold a high standard of quality for code contributions,
while at the same time managing a large number of contributions, we need
contributors to prepare the contributions well, and give reviewers enough
contextual information for the review. Please also understand that
contributions that do not follow this guide will take longer to review and thus
typically be picked up with lower priority by the community.*
## Contribution Checklist
- Make sure that the pull request corresponds to a [JIRA
issue](https://issues.apache.org/jira/projects/AVRO/issues). Exceptions are
made for typos in JavaDoc or documentation files, which need no JIRA issue.
- Name the pull request in the form "AVRO-XXXX: [component] Title of the
pull request", where *AVRO-XXXX* should be replaced by the actual issue number.
The *component* is optional, but can help identify the correct reviewers
faster: either the language ("java", "python") or subsystem such as "build" or
"doc" are good candidates.
- Fill out the template below to describe the changes contributed by the
pull request. That will give reviewers the context they need to do the review.
- Make sure that the change passes the automated tests. You can [build the
entire project](https://github.com/apache/avro/blob/main/BUILD.md) or just the
[language-specific
SDK](https://avro.apache.org/project/how-to-contribute/#unit-tests).
- Each pull request should address only one issue, not mix up code from
multiple issues.
- Each commit in the pull request has a meaningful commit message
(including the JIRA id)
- Every commit message references Jira issues in their subject lines. In
addition, commits follow the guidelines from [How to write a good git commit
message](https://chris.beams.io/posts/git-commit/)
1. Subject is separated from body by a blank line
1. Subject is limited to 50 characters (not including Jira issue
reference)
1. Subject does not end with a period
1. Subject uses the imperative mood ("add", not "adding")
1. Body wraps at 72 characters
1. Body explains "what" and "why", not "how"
-->
## What is the purpose of the change
- This pull request ensures that trustedPackages is always initialized
properly in SpecificDatumReader.
Previously, `trustedPackages.addAll(Arrays.asList(SERIALIZABLE_PACKAGES));`
was not called in every constructor, leading to cases where the system property
`org.apache.avro.SERIALIZABLE_PACKAGES` was set, but custom packages were still
not recognized as trusted.
- This caused errors when `checkSecurity()` was invoked and the expected
package was missing from the `trustedPackages` list.
## Verifying this change
This change is already covered by existing tests that validate schema-based
serialization and security checks.
Additionally, we tested it manually by setting
`org.apache.avro.SERIALIZABLE_PACKAGES` and verifying that user-defined
packages are correctly added.
## Documentation
- Does this pull request introduce a new feature? No
- This is a bug fix and does not require additional documentation.
## JIRA Ticket
- **JIRA Ticket:**
[HADOOP-19315](https://issues.apache.org/jira/browse/HADOOP-19315)
- **Note:** Although this issue is tracked under the Hadoop JIRA board, the
actual fix is required in Apache Avro.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@avro.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
