Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Task]: Upgrade Avro to 1.11.4 to fix CVE-2024-47561 #33144

Closed
2 of 17 tasks
fabriciorby opened this issue Nov 18, 2024 · 3 comments · Fixed by #32770
Closed
2 of 17 tasks

[Task]: Upgrade Avro to 1.11.4 to fix CVE-2024-47561 #33144

fabriciorby opened this issue Nov 18, 2024 · 3 comments · Fixed by #32770

Comments

@fabriciorby
Copy link

What needs to happen?

Hello,

I see there's this CVE-2024-47561 related to the Avro version.

I am creating this issue because the only thing I could find regarding this issue was this draft PR that should fix it, but seems abandoned to me. #32770

Thanks

Issue Priority

Priority: 1 (urgent / mostly reserved for critical bugs)

Issue Components

  • Component: Python SDK
  • Component: Java SDK
  • Component: Go SDK
  • Component: Typescript SDK
  • Component: IO connector
  • Component: Beam YAML
  • Component: Beam examples
  • Component: Beam playground
  • Component: Beam katas
  • Component: Website
  • Component: Infrastructure
  • Component: Spark Runner
  • Component: Flink Runner
  • Component: Samza Runner
  • Component: Twister2 Runner
  • Component: Hazelcast Jet Runner
  • Component: Google Cloud Dataflow Runner
@liferoad
Copy link
Collaborator

cc @damccorm what is the status of #32770

@damccorm
Copy link
Contributor

I haven't had a chance to prioritize it yet. I was hoping the upgrade would be trivial, but it doesn't look like it so far

@damccorm
Copy link
Contributor

I'm planning on coming back to this soon, though (hopefully this week)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants