Hi Manu, See my comments from few days ago (in the 1.9.x release discussion): https://lists.apache.org/thread/4c4hg85c8qxq4cznp3drnyro88qp0rjr
Regards JB On Sat, Apr 12, 2025 at 4:50 PM Manu Zhang <owenzhang1...@gmail.com> wrote: > > Hi all, > > https://nvd.nist.gov/vuln/detail/CVE-2025-30065 (10.0 critical) has been > fixed on the main branch for 1.9+ (upgrade parquet to 1.15.1). Shall we fix > on 1.8.x, 1.7.x and 1.6.x? > > There's an open issue[1] and PRs for 1.7.x[2] and 1.6.x[3] > > 1. https://github.com/apache/iceberg/issues/12749 > 2. https://github.com/apache/iceberg/pull/12778 > 3. https://github.com/apache/iceberg/pull/12780 > > > Thanks, > Manu
