[FLINK-36528] Update org.apache.avro : avro dependency - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: kubernetes-operator-1.10.0
Fix Version/s: kubernetes-operator-1.11.0
Component/s: Kubernetes Operator
Labels:
- pull-request-available

Description

Update the org.apache.avro : avro package present in flink-beam-example to remediate the vulnerabilities associated with this package. It is a transitive dependency for beam-sdks-java-core and the current version 1.8.2.

Package info:
https://mvnrepository.com/artifact/org.apache.avro/avro/1.8.2

Vulnerabilities info:
Direct vulnerabilities:
CVE-2024-47561
CVE-2023-39410

Vulnerabilities from dependencies:
CVE-2024-25710
CVE-2023-43642
CVE-2023-34455
CVE-2023-34454
CVE-2023-34453
CVE-2021-36090
CVE-2021-35517
CVE-2021-35516
CVE-2021-35515
CVE-2020-15250
CVE-2019-10202
CVE-2019-10172
CVE-2018-11771

Proposed change solution:
Bump the version from 1.8.2 to 1.12.0

Attachments

Issue Links

is a clone of

FLINK-36522 Bump mysql-connector-j version

Resolved

links to

GitHub Pull Request #901

Activity

People

Assignee:: Kartik Goyal

Reporter:: Kartik Goyal

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Oct/24 10:35

Updated:: 15/Oct/24 05:21