Sergey Nuyanzin created FLINK-39283:
---------------------------------------
Summary: Upgrade org.apache.avro:avro to 1.12.1
Key: FLINK-39283
URL: https://issues.apache.org/jira/browse/FLINK-39283
Project: Flink
Issue Type: Technical Debt
Components: Formats (JSON, Avro, Parquet, ORC, SequenceFile)
Reporter: Sergey Nuyanzin
Assignee: Sergey Nuyanzin
{quote}
Security Fixes
This release addresses 4 security fixes:
Prevent class with empty Java package being trusted by SpecificDatumReader
(#3311)
Remove the default serializable packages and deprecated the property to
introduce org.apache.avro.SERIALIZABLE_CLASSES instead (#3376)
java-[key-]class allowed packages must be packages (#3453)
AVRO-4053: doc consistency in velocity templates (#3150)
{quote}
source https://avro.apache.org/blog/2025/10/16/avro-1.12.1/
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
