adarshhm6 opened a new issue, #25783: URL: https://github.com/apache/pulsar/issues/25783
### Search before reporting - [x] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Motivation Summary There is a reported security vulnerability in org.apache.avro:avro, which is used as a dependency in Apache Pulsar. CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-33042 Affected dependency version in Pulsar: [pulsar/pom.xml](https://github.com/apache/pulsar/blob/branch-3.0/pom.xml#L189) [pulsar/pom.xml](https://github.com/apache/pulsar/blob/branch-4.0/pom.xml#L236) <avro.version>1.11.4</avro.version> ### Solution Upgrade avro version to 1.12.1 or 1.11.5 ### Alternatives _No response_ ### Anything else? _No response_ ### Are you willing to submit a PR? - [ ] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
