[fix][sec] Bump avro version to 1.11.3 for CVE-2023-39410 (apache#21341)

Signed-off-by: tison <wander4096@gmail.com> (cherry picked from commit f5222d6)
nodece · Dec 14, 2023 · 5f28257 · 5f28257
1 parent 1044932
commit 5f28257
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 9 deletions.
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -491,8 +491,8 @@ The Apache Software License, Version 2.0
     - net.jodah-typetools-0.5.0.jar
     - net.jodah-failsafe-2.4.4.jar
   * Apache Avro
-    - org.apache.avro-avro-1.10.2.jar
-    - org.apache.avro-avro-protobuf-1.10.2.jar
+    - org.apache.avro-avro-1.11.3.jar
+    - org.apache.avro-avro-protobuf-1.11.3.jar
   * Apache Curator
     - org.apache.curator-curator-client-5.1.0.jar
     - org.apache.curator-curator-framework-5.1.0.jar

diff --git a/pom.xml b/pom.xml
@@ -144,7 +144,7 @@ flexible messaging model and an intuitive client API.</description>
     <kafka-client.version>2.7.2</kafka-client.version>
     <rabbitmq-client.version>5.1.1</rabbitmq-client.version>
     <aws-sdk.version>1.12.262</aws-sdk.version>
-    <avro.version>1.10.2</avro.version>
+    <avro.version>1.11.3</avro.version>
     <joda.version>2.10.5</joda.version>
     <jclouds.version>2.5.0</jclouds.version>
     <guice.version>5.1.0</guice.version>

diff --git a/...er/src/test/java/org/apache/pulsar/schema/compatibility/SchemaCompatibilityCheckTest.java b/...er/src/test/java/org/apache/pulsar/schema/compatibility/SchemaCompatibilityCheckTest.java
@@ -407,7 +407,7 @@ public void testSchemaComparison() throws Exception {
         assertEquals(admin.namespaces().getSchemaCompatibilityStrategy(namespaceName.toString()),
                 SchemaCompatibilityStrategy.UNDEFINED);
         byte[] changeSchemaBytes = (new String(Schema.AVRO(Schemas.PersonOne.class)
-                .getSchemaInfo().getSchema(), UTF_8) + "/n   /n   /n").getBytes();
+                .getSchemaInfo().getSchema(), UTF_8) + "\n   \n   \n").getBytes();
         SchemaInfo schemaInfo = SchemaInfo.builder().type(SchemaType.AVRO).schema(changeSchemaBytes).build();
         admin.schemas().createSchema(fqtn, schemaInfo);
 

diff --git a/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java b/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java
@@ -41,20 +41,20 @@ public class ProtobufSchemaTest {
             "\"namespace\":\"org.apache.pulsar.client.schema.proto.Test\"," +
             "\"fields\":[{\"name\":\"stringField\",\"type\":{\"type\":\"string\"," +
             "\"avro.java.string\":\"String\"},\"default\":\"\"},{\"name\":\"doubleField\"," +
-            "\"type\":\"double\",\"default\":0},{\"name\":\"intField\",\"type\":\"int\"," +
+            "\"type\":\"double\",\"default\":0.0},{\"name\":\"intField\",\"type\":\"int\"," +
             "\"default\":0},{\"name\":\"testEnum\",\"type\":{\"type\":\"enum\"," +
             "\"name\":\"TestEnum\",\"symbols\":[\"SHARED\",\"FAILOVER\"]}," +
             "\"default\":\"SHARED\"},{\"name\":\"nestedField\"," +
             "\"type\":[\"null\",{\"type\":\"record\",\"name\":\"SubMessage\"," +
             "\"fields\":[{\"name\":\"foo\",\"type\":{\"type\":\"string\"," +
             "\"avro.java.string\":\"String\"},\"default\":\"\"}" +
-            ",{\"name\":\"bar\",\"type\":\"double\",\"default\":0}]}]" +
+            ",{\"name\":\"bar\",\"type\":\"double\",\"default\":0.0}]}]" +
             ",\"default\":null},{\"name\":\"repeatedField\",\"type\":{\"type\":\"array\"" +
             ",\"items\":{\"type\":\"string\",\"avro.java.string\":\"String\"}},\"default\":[]}" +
             ",{\"name\":\"externalMessage\",\"type\":[\"null\",{\"type\":\"record\"" +
             ",\"name\":\"ExternalMessage\",\"namespace\":\"org.apache.pulsar.client.schema.proto.ExternalTest\"" +
             ",\"fields\":[{\"name\":\"stringField\",\"type\":{\"type\":\"string\",\"avro.java.string\":\"String\"}," +
-            "\"default\":\"\"},{\"name\":\"doubleField\",\"type\":\"double\",\"default\":0}]}],\"default\":null}]}";
+            "\"default\":\"\"},{\"name\":\"doubleField\",\"type\":\"double\",\"default\":0.0}]}],\"default\":null}]}";
 
     private static final String EXPECTED_PARSING_INFO = "{\"__alwaysAllowNull\":\"true\",\"__jsr310ConversionEnabled\":\"false\"," +
             "\"__PARSING_INFO__\":\"[{\\\"number\\\":1,\\\"name\\\":\\\"stringField\\\",\\\"type\\\":\\\"STRING\\\"," +

diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
@@ -381,8 +381,8 @@ The Apache Software License, Version 2.0
   * Apache XBean :: Reflect
     - xbean-reflect-3.4.jar
   * Avro
-    - avro-1.10.2.jar
-    - avro-protobuf-1.10.2.jar
+    - avro-1.11.3.jar
+    - avro-protobuf-1.11.3.jar
   * Caffeine
     - caffeine-2.9.1.jar
   * Javax