Re: [DISCUSS] Expediting Pulsar releases 3.0.7 and 3.3.2 due to critical RCE vulnerability in Avro Java SDK <1.11.4, CVE-2024-47561

2024-10-03 Thread Lari Hotari
I have requested more details about CVE-2024-47561 directly from the Apache Avro project in this email to the us...@avro.apache.org mailing list: https://lists.apache.org/thread/hrlxrn229vj7fkryx12npz8ws64026qo Questions asked: 1. Is the RCE issue (Arbitrary Code Execution when reading Avro Dat

Re: [VOTE] PIP-379: Key_Shared Draining Hashes for Improved Message Ordering

2024-10-03 Thread Yuri Mizushima
+1 (non-binding) On 2024/10/01 23:53:35 Lari Hotari wrote: > Hi, > > I'd like to start the voting thread for PIP-379: Key_Shared Draining Hashes > for Improved Message Ordering > > Proposal PR: https://github.com/apache/pulsar/pull/23309 > Rendered PIP document: > https://github.com/lhotari/pu

Re: [VOTE] PIP-379: Key_Shared Draining Hashes for Improved Message Ordering

2024-10-03 Thread ZhangJian He
+1 (non-binding) On 2024/10/03 06:28:09 Nicolò Boschi wrote: > +1 > Thanks > > > On Thu, Oct 3, 2024, 02:36 Apurva Telang > wrote: > > > +1 (non-binding) > > > > Best regards, > > Apurva Telang. > > > > > > On Wed, Oct 2, 2024 at 00:32 Enrico Olivelli wrote: > > > > > +1 (binding) > > > > >

[DISCUSS] Expediting Pulsar releases 3.0.7 and 3.3.2 due to critical RCE vulnerability in Avro Java SDK <1.11.4, CVE-2024-47561

2024-10-03 Thread Lari Hotari
Dear Pulsar Community,
There's a critical 9.3/10 level RCE vulnerability in Avro Java SDK <1.11.4, CVE-2024-47561. More details can be found in these resources:
- https://github.com/advisories/GHSA-r7pg-v2c8-mfg3
- https://nvd.nist.gov/vuln/detail/CVE-2024-47561
- https://lists.apache.org/thread/c