Hey Piotr, The Avro release still has to be done. We have 1.12.0 which has <https://github.com/apache/iceberg/pull/10879> been released, but that also drops Java 8 support, so we can't backport it. We still have to run the 1.11.4 Avro release to backport the CVE fix.
Kind regards, Fokko Op wo 7 aug 2024 om 16:15 schreef Piotr Findeisen <piotr.findei...@gmail.com >: > Hi > > Thank you JB and Eduard for commenting! > > JB, which Avro version we would be updating to for the CVE fix? > > Best > Piotr > > > On Mon, 29 Jul 2024 at 13:36, Jean-Baptiste Onofré <j...@nanthrax.net> > wrote: > >> That's fair (and I agree), but as these coming Avro releases include >> CVE fix, I think it's worth considering. >> >> Regards >> JB >> >> On Mon, Jul 29, 2024 at 9:07 AM Eduard Tudenhöfner >> <etudenhoef...@apache.org> wrote: >> > >> > I don't think we should be including general dependency updates in a >> patch release unless they are critical. >> > >> > On Mon, Jul 29, 2024 at 8:13 AM Jean-Baptiste Onofré <j...@nanthrax.net> >> wrote: >> >> >> >> Hi, >> >> >> >> It would be great to include the Avro update in 1.6.1 release. >> >> >> >> I agree for a maintenance release on 1.6.x, but I would like to >> >> include a couple of updates. >> >> >> >> Happy to drive this release :) >> >> >> >> Thanks ! >> >> Regards >> >> JB >> >> >> >> On Fri, Jul 26, 2024 at 6:19 PM Piotr Findeisen >> >> <piotr.findei...@gmail.com> wrote: >> >> > >> >> > Hi, >> >> > >> >> > ParallelIterable memory limit PR [1] is backported to 1.6.x branch >> [2]. >> >> > >> >> > Are there any other bug fixes that should go into 1.6.1 release? >> >> > >> >> > Best, >> >> > Piotr >> >> > >> >> > >> >> > [1] https://github.com/apache/iceberg/pull/10691 >> >> > [2] https://github.com/apache/iceberg/pull/10787 >> >> > >> >> > >> >
