退订
On 11/15/2023 13:15,Ajantha Bhat<ajanthab...@gmail.com> wrote: +1 Thanks, Ajantha On Wed, Nov 15, 2023 at 10:42 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: Hi guys, Avro 1.11.3 has been released, fixing CVE-2023-39410. We already updated to Avro 1.11.3 on main. About CVE, we also already use guava 32.1.3, fixing CVE-2023-2976. As the Avro CVE is classified high (see https://nvd.nist.gov/vuln/detail/CVE-2023-39410), I propose to bump to Avro 1.11.3 on our 1.4.x branch and release Iceberg 1.4.3 including this. Thoughts ? If there are no objections, I'm volunteer to drive this release. Thanks, Regards JB
