This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-4.4.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-4.4.x by this push:
     new 2f7bdf29cf1 Fix Avro CVE In Jackson Databind Avro (#15954)
2f7bdf29cf1 is described below

commit 2f7bdf29cf10793888f246fdee768a5978a26b77
Author: Federico Mariani <[email protected]>
AuthorDate: Tue Oct 15 12:46:55 2024 +0200

    Fix Avro CVE In Jackson Databind Avro (#15954)
    
    * Fix Avro CVE In Jackson Databind Avro
    
    * Move from libtinfo5 to libtinfo6
    
    Signed-off-by: Andrea Cosentino <[email protected]>
    
    ---------
    
    Signed-off-by: Andrea Cosentino <[email protected]>
    Co-authored-by: Andrea Cosentino <[email protected]>
---
 .github/actions/install-packages/action.yml |  2 +-
 components/camel-jackson-avro/pom.xml       | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/actions/install-packages/action.yml 
b/.github/actions/install-packages/action.yml
index f100119a738..46f8a0a52ec 100644
--- a/.github/actions/install-packages/action.yml
+++ b/.github/actions/install-packages/action.yml
@@ -22,5 +22,5 @@ runs:
   steps:
     - run: sudo apt-get update
       shell: bash
-    - run: sudo apt-get install -qqy --no-install-recommends libtinfo5
+    - run: sudo apt-get install -qqy --no-install-recommends libtinfo6
       shell: bash
diff --git a/components/camel-jackson-avro/pom.xml 
b/components/camel-jackson-avro/pom.xml
index 2a63b1afe88..4020fc15e4a 100644
--- a/components/camel-jackson-avro/pom.xml
+++ b/components/camel-jackson-avro/pom.xml
@@ -49,6 +49,17 @@
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-avro</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.avro</groupId>
+                    <artifactId>avro</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.avro</groupId>
+            <artifactId>avro</artifactId>
+            <version>${avro-version}</version>
         </dependency>
 
         <!-- testing -->
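Review bot: The new `<exclusions>` block and the direct `org.apache.avro:avro` dependency have no comment explaining why the transitive Avro is overridden, so a later dependency cleanup could remove them and silently restore the version that jackson-dataformat-avro pulls in. I would add a comment above the exclusion such as `<!-- Avro pinned via ${avro-version} to override the transitive version from jackson-dataformat-avro; see CVE-XXXX-XXXXX (placeholder) -->`, with the real advisory id filled in, since the commit message names none. The fix is only as good as the value of `${avro-version}`, which is defined outside this hunk, presumably in the parent POM. It is worth confirming on this branch that it resolves to a patched release, for example with `mvn dependency:tree -Dincludes=org.apache.avro`. Because jackson-dataformat-avro was presumably built against a different Avro release, the module's tests should be run against the overridden version to catch any API incompatibility.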
