[PARQUET-2487] Bump io.airlift:aircompressor to 0.27 in parquet-hadoop - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.14.0
Fix Version/s: None
Component/s: parquet-hadoop
Labels:
- security

Description

A high severity out-of-bound R/W vulnerability was found in aircompressor and was fixed in version 0.27. parquet-hadoop should be updated from 0.26 to use the new version.

https://nvd.nist.gov/vuln/detail/CVE-2024-36114

Pull request: https://github.com/apache/parquet-java/pull/1363

Attachments

Issue Links

links to

GitHub Pull Request #1363

GitHub Pull Request #1364

Activity

People

Assignee:: Unassigned

Reporter:: Utku Aydin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 31/May/24 11:56

Updated:: 23/Jun/24 03:33

Resolved:: 04/Jun/24 10:41

Agile

View on Board

Bump io.airlift:aircompressor to 0.27 in parquet-hadoop