+1 Thanks, Ajantha
On Wed, Nov 15, 2023 at 10:42 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > Hi guys, > > Avro 1.11.3 has been released, fixing CVE-2023-39410. > We already updated to Avro 1.11.3 on main. > > About CVE, we also already use guava 32.1.3, fixing CVE-2023-2976. > > As the Avro CVE is classified high (see > https://nvd.nist.gov/vuln/detail/CVE-2023-39410), I propose to bump to > Avro 1.11.3 on our 1.4.x branch and release Iceberg 1.4.3 including > this. > > Thoughts ? > > If there are no objections, I'm volunteer to drive this release. > > Thanks, > Regards > JB >
