From 3aaad8e2c4cafccb00a202b2c48f2dd5114fc4f2 Mon Sep 17 00:00:00 2001
From: "mingye.jmy" <mxdzs0612@gmail.com>
Date: Thu, 6 Mar 2025 11:31:36 +0800
Subject: [PATCH] [security] Upgrade avro version to avoid CVE-2024-47561

---
 paimon-format/src/main/resources/META-INF/NOTICE | 2 +-
 pom.xml                                          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/paimon-format/src/main/resources/META-INF/NOTICE b/paimon-format/src/main/resources/META-INF/NOTICE
index 44e3ca97a904..8f533578327e 100644
--- a/paimon-format/src/main/resources/META-INF/NOTICE
+++ b/paimon-format/src/main/resources/META-INF/NOTICE
@@ -13,7 +13,7 @@ This project bundles the following dependencies under the Apache Software Licens
 - commons-lang:commons-lang:2.6
 - org.apache.commons:commons-lang3:3.12.0
 
-- org.apache.avro:avro:1.11.3
+- org.apache.avro:avro:1.11.4
 - com.fasterxml.jackson.core:jackson-core:2.14.2
 - com.fasterxml.jackson.core:jackson-databind:2.14.2
 - com.fasterxml.jackson.core:jackson-annotations:2.14.2
diff --git a/pom.xml b/pom.xml
index b40fbeecd5e4..b402cc235cf9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,7 @@ under the License.
         <jaxb.api.version>2.3.1</jaxb.api.version>
         <findbugs.version>1.3.9</findbugs.version>
         <json-smart.version>2.4.9</json-smart.version>
-        <avro.version>1.11.3</avro.version>
+        <avro.version>1.11.4</avro.version>
         <kafka.version>3.2.3</kafka.version>
         <scala-maven-plugin.version>3.2.2</scala-maven-plugin.version>
         <scalatest-maven-plugin.version>2.1.0</scalatest-maven-plugin.version>