Upgrade Avro to 1.11.3 #15419

Merged

Conversation

KeerthanaSrikanth
Contributor

What

Currently, Druid is using Avro version 1.11.1. Upgrade to 1.11.3 to address CVE-2023-39410: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3, which addresses this issue.
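
An added example, not part of this pull request or of Druid's code: a check that flags any resolved copy of the core Avro Java artifact older than 1.11.3 in `mvn dependency:tree` output, since a bumped direct dependency does not prove that every module resolves the fixed version. The function names and the sample tree are constructed for illustration; `org.apache.avro:avro` is the Maven coordinate assumed for the Avro Java SDK.

```python
import re

FIXED = (1, 11, 3)  # first fixed release, per the PR description
TARGET = ("org.apache.avro", "avro")  # core Avro Java artifact (assumed coordinate)

# One dependency as printed by `mvn dependency:tree`:
#   group:artifact:type[:classifier]:version:scope
COORD = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):[\w\-]+"
    r"(?::[\w.\-]+)?:(?P<version>\d[\w.\-]*)"
    r":(?P<scope>compile|runtime|test|provided|system)\b"
)


def version_tuple(version):
    """Turn '1.11.1' or '1.12.0-SNAPSHOT' into a comparable 3-tuple."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def find_vulnerable_avro(tree_text):
    """Return (line_no, version, scope) for each Avro entry older than FIXED."""
    hits = []
    for line_no, line in enumerate(tree_text.splitlines(), start=1):
        m = COORD.search(line)
        if not m or (m["group"], m["artifact"]) != TARGET:
            continue
        if version_tuple(m["version"]) < FIXED:
            hits.append((line_no, m["version"], m["scope"]))
    return hits


# Constructed sample output from a two-module build (not taken from Druid).
SAMPLE_TREE = r"""[INFO] org.example:ingest-app:jar:0.1.0
[INFO] \- org.apache.avro:avro:jar:1.11.3:compile
[INFO] org.example:batch-tools:jar:0.1.0
[INFO] +- org.example:legacy-reader:jar:2.0.0:compile
[INFO] |  \- org.apache.avro:avro:jar:1.11.1:compile
[INFO] \- org.apache.avro:avro:jar:tests:1.11.2:test"""

if __name__ == "__main__":
    for line_no, version, scope in find_vulnerable_avro(SAMPLE_TREE):
        print(f"line {line_no}: avro {version} ({scope}) is older than 1.11.3")
```

Avro classes repackaged inside a shaded jar do not appear in the dependency tree and need a separate check.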

@abhishekagarwal87
Contributor

LGTM.

@abhishekagarwal87 merged commit 7a8204d into apache:master on Nov 28, 2023
88 of 89 checks passed
@abhishekagarwal87
Contributor

Thank you @KeerthanaSrikanth, for your first contribution.

yashdeep97 pushed a commit to yashdeep97/druid that referenced this pull request Dec 1, 2023
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 13, 2023
Pankaj260100 pushed a commit to confluentinc/druid that referenced this pull request Dec 19, 2023
@LakshSingla added this to the 29.0.0 milestone on Jan 29, 2024