From 1be3793c3f598ee5b00b2732c172d90620a21eac Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Fri, 4 Oct 2024 02:15:47 +0300 Subject: [PATCH] [fix][sec] Upgrade Avro to 1.11.4 to address CVE-2024-47561 (#23394) (cherry picked from commit 8571e65a1af0df5058397cdb096e794b41a93258) --- distribution/server/src/assemble/LICENSE.bin.txt | 4 ++-- pom.xml | 2 +- pulsar-sql/presto-distribution/LICENSE | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 9d7485024d6be..f4b50cd8530a5 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -486,8 +486,8 @@ The Apache Software License, Version 2.0 * Jodah - net.jodah-typetools-0.5.0.jar * Apache Avro - - org.apache.avro-avro-1.11.3.jar - - org.apache.avro-avro-protobuf-1.11.3.jar + - org.apache.avro-avro-1.11.4.jar + - org.apache.avro-avro-protobuf-1.11.4.jar * Apache Curator - org.apache.curator-curator-client-5.1.0.jar - org.apache.curator-curator-framework-5.1.0.jar diff --git a/pom.xml b/pom.xml index 5b5595a1a54b4..1cba64922c147 100644 --- a/pom.xml +++ b/pom.xml @@ -145,7 +145,7 @@ flexible messaging model and an intuitive client API. 2.3.0 5.1.1 1.11.774 - 1.11.3 + 1.11.4 2.10.5 2.5.0 5.1.0 diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 3e8d7b40fcdc9..5e8ee2ac7c533 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -365,8 +365,8 @@ The Apache Software License, Version 2.0 * Apache XBean :: Reflect - xbean-reflect-3.4.jar * Avro - - avro-1.11.3.jar - - avro-protobuf-1.11.3.jar + - avro-1.11.4.jar + - avro-protobuf-1.11.4.jar * Caffeine - caffeine-2.9.1.jar * Javax