[fix][sec] Upgrade Avro to 1.11.4 to address CVE-2024-47561 (#23394)

(cherry picked from commit 8571e65)
apache · Oct 8, 2024 · 1be3793 · 1be3793
1 parent 007d8cb
commit 1be3793
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -486,8 +486,8 @@ The Apache Software License, Version 2.0
   * Jodah
     - net.jodah-typetools-0.5.0.jar
   * Apache Avro
-    - org.apache.avro-avro-1.11.3.jar
-    - org.apache.avro-avro-protobuf-1.11.3.jar
+    - org.apache.avro-avro-1.11.4.jar
+    - org.apache.avro-avro-protobuf-1.11.4.jar
   * Apache Curator
     - org.apache.curator-curator-client-5.1.0.jar
     - org.apache.curator-curator-framework-5.1.0.jar

diff --git a/pom.xml b/pom.xml
@@ -145,7 +145,7 @@ flexible messaging model and an intuitive client API.</description>
     <kafka-client.version>2.3.0</kafka-client.version>
     <rabbitmq-client.version>5.1.1</rabbitmq-client.version>
     <aws-sdk.version>1.11.774</aws-sdk.version>
-    <avro.version>1.11.3</avro.version>
+    <avro.version>1.11.4</avro.version>
     <joda.version>2.10.5</joda.version>
     <jclouds.version>2.5.0</jclouds.version>
     <guice.version>5.1.0</guice.version>

diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
@@ -365,8 +365,8 @@ The Apache Software License, Version 2.0
   * Apache XBean :: Reflect
     - xbean-reflect-3.4.jar
   * Avro
-    - avro-1.11.3.jar
-    - avro-protobuf-1.11.3.jar
+    - avro-1.11.4.jar
+    - avro-protobuf-1.11.4.jar
   * Caffeine
     - caffeine-2.9.1.jar
   * Javax