[FLINK-33238][Formats/Avro] Upgrade used AVRO version to 1.11.3 #23508

Merged
merged 1 commit into from
Oct 20, 2023

MartijnVisser
Contributor

What is the purpose of the change

Upgrade AVRO to 1.11.3 to mitigate scanners flagging Flink as vulnerable for CVE-2023-39410

Brief change log

  • Updated version in pom.xml
  • Updated NOTICE files

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: yes
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

@flinkbot
Collaborator

flinkbot commented Oct 11, 2023

CI report:

Bot commands The @flinkbot bot supports the following commands:
  • @flinkbot run azure re-run the last Azure build

@afedulov
Contributor

@MartijnVisser heads up for the test failure fix:
https://github.com/apache/flink/pull/23524/files

…tigate scanners flagging Flink as vulnerable for CVE-2023-39410

Co-authored-by: AndreiLeib <andrei.leibovski@appdirect.com>
@@ -85,7 +85,7 @@ void testSpecificRecordReadMoreFieldsThanWereWritten() throws IOException {
+ " \"fields\": [\n"
+ " {\"name\": \"name\", \"type\": \"string\"}"
+ " ]\n"
+ "}]");
+ "}");
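
Review bot: The change log lists only the pom.xml and NOTICE updates, but the closing line of the schema string in testSpecificRecordReadMoreFieldsThanWereWritten changes as well, with `"}]"` and `"}"` both shown as the literal's last line. The start of the literal is outside this hunk, so please confirm that the `]` being dropped had no matching `[` there, and state in the commit message that the test schema was malformed and whether the previous Avro version accepted it. The description says the change has no test coverage, so it is also worth confirming that this test still exercises reading more fields than were written once the schema string is edited.
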
Contributor

😮

@MartijnVisser MartijnVisser merged commit a58a35e into apache:master Oct 20, 2023
@MartijnVisser MartijnVisser deleted the FLINK-33238-upgrade-avro branch October 20, 2023 10:56
4 participants