This is an automated email from the ASF dual-hosted git repository. martijnvisser pushed a commit to branch release-1.18 in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.18 by this push: new a85832fb8ff [FLINK-33238][Formats/Avro] Upgrade used AVRO version to 1.11.3. This closes #23559 a85832fb8ff is described below commit a85832fb8ff1b1c55fa3e532645d208749b803d5 Author: MartijnVisser <martijnvis...@apache.org> AuthorDate: Mon Oct 23 08:29:02 2023 +0200 [FLINK-33238][Formats/Avro] Upgrade used AVRO version to 1.11.3. This closes #23559 Mitigate scanners flagging Flink as vulnerable for CVE-2023-39410 Co-authored-by: AndreiLeib <andrei.leibov...@appdirect.com> --- .../flink/formats/avro/RegistryAvroDeserializationSchemaTest.java | 2 +- .../src/main/resources/META-INF/NOTICE | 2 +- flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE | 2 +- pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java b/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java index c11c4bfb6b6..424e44817ee 100644 --- a/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java +++ b/flink-formats/flink-avro/src/test/java/org/apache/flink/formats/avro/RegistryAvroDeserializationSchemaTest.java @@ -85,7 +85,7 @@ class RegistryAvroDeserializationSchemaTest { + " \"fields\": [\n" + " {\"name\": \"name\", \"type\": \"string\"}" + " ]\n" - + "}]"); + + "}"); RegistryAvroDeserializationSchema<SimpleRecord> deserializer = new RegistryAvroDeserializationSchema<>( SimpleRecord.class, diff --git a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE index dd601b9119f..f4fd1a6308d 100644 --- a/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE +++ b/flink-formats/flink-sql-avro-confluent-registry/src/main/resources/META-INF/NOTICE @@ -13,7 +13,7 @@ This project bundles the following dependencies under the Apache Software Licens - io.confluent:common-config:7.2.2 - io.confluent:common-utils:7.2.2 - io.confluent:kafka-schema-registry-client:7.2.2 -- org.apache.avro:avro:1.11.1 +- org.apache.avro:avro:1.11.3 - org.apache.commons:commons-compress:1.21 - org.apache.kafka:kafka-clients:7.2.2-ccs - org.glassfish.jersey.core:jersey-common:2.30 diff --git a/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE b/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE index 21f85619d82..4cf05a46b4a 100644 --- a/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE +++ b/flink-formats/flink-sql-avro/src/main/resources/META-INF/NOTICE @@ -6,7 +6,7 @@ The Apache Software Foundation (http://www.apache.org/). This project bundles the following dependencies under the Apache Software License 2.0. (http://www.apache.org/licenses/LICENSE-2.0.txt) -- org.apache.avro:avro:1.11.1 +- org.apache.avro:avro:1.11.3 - com.fasterxml.jackson.core:jackson-core:2.14.3 - com.fasterxml.jackson.core:jackson-databind:2.14.3 - com.fasterxml.jackson.core:jackson-annotations:2.14.3 diff --git a/pom.xml b/pom.xml index 30ab009840a..38a78c5d829 100644 --- a/pom.xml +++ b/pom.xml @@ -142,7 +142,7 @@ under the License. <!-- keep FlinkTestcontainersConfigurator.configureZookeeperContainer in sync --> <zookeeper.version>3.7.1</zookeeper.version> <curator.version>5.4.0</curator.version> - <avro.version>1.11.1</avro.version> + <avro.version>1.11.3</avro.version> <!-- Version for transitive Jackson dependencies that are not used within Flink itself.--> <jackson-bom.version>2.14.3</jackson-bom.version> <javax.activation.api.version>1.2.0</javax.activation.api.version>