upgrade avro version to 1.11.0 by aggarwalakshay · Pull Request #12156 · apache/druid

aggarwalakshay · 2022-01-14T13:50:14Z

Upgrading avro version to 1.11.0 because of security vulnerability.

This PR has:

been self-reviewed.
- using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
added documentation for new or modified features or behaviors.
added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
added or updated version, license, or notice information in licenses.yaml
added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
added integration tests.
been tested in a test Druid cluster.

jihoonson · 2022-01-14T17:14:19Z

@aggarwalakshay thank you for the PR. Can you link the CVE in question in the PR?

aggarwalakshay · 2022-01-14T18:07:19Z

@jihoonson it was this but it turns out to be false positive and only effects .net so closing this pr

upgrade avro version to 1.11.0

edc0c1f

aggarwalakshay closed this Jan 14, 2022

aggarwalakshay deleted the akshay-upgrade-avro-ver branch January 14, 2022 18:07

Provide feedback