hudi-bot opened a new issue, #17182: URL: https://github.com/apache/hudi/issues/17182
The last published [hudi-presto-bundle, 1.0.2|https://mvnrepository.com/artifact/org.apache.hudi/hudi-presto-bundle/1.0.2], is using parquet-avro version {{1.13.1}}.

This unfortunately has two rather bothersome CVEs -
# [CVE-2025-46762|https://github.com/advisories/GHSA-53wx-pr6q-m3j5], score 7.1/10 - Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata
# [CVE-2025-30065|https://github.com/advisories/GHSA-2c59-37c4-qrx5], score 10/10 - Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution

Upgrading to parquet-avro {{1.15.2}} should fix these.

Reference Hudi Issue - https://github.com/apache/hudi/issues/13308

## JIRA info
- Link: https://issues.apache.org/jira/browse/HUDI-9763
- Type: Bug
- Fix version(s):
  - 1.1.0

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
