[
https://issues.apache.org/jira/browse/HADOOP-19315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892391#comment-17892391
]
ASF GitHub Bot commented on HADOOP-19315:
-----------------------------------------
dom93dd commented on PR #7128:
URL: https://github.com/apache/hadoop/pull/7128#issuecomment-2434672892
@steveloughran Can you please specify what the ToDo is here on my side?
Seems like this sysprop needs to be set either way right? What do you mean by
checking the standard serializer methods in mapreduce? I'm missing the full
picture here.
> Bump avro from 1.9.2 to 1.11.4
> ------------------------------
>
> Key: HADOOP-19315
> URL: https://issues.apache.org/jira/browse/HADOOP-19315
> Project: Hadoop Common
> Issue Type: Task
> Components: build
> Affects Versions: 3.4.0, 3.4.1
> Reporter: Dominik Diedrich
> Priority: Major
> Labels: pull-request-available
>
> We should bump the avro version in the hadoop-project pom.xml from 1.9.2 to
> 1.11.4 in order to fix following CVE's:
> *
> [CVE-2024-47561|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561]
> *
> [CVE-2023-39410|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410]
> I already fixed it locally and can create a PR for that.
> A few classes need to be adjusted, because avro introduced new getter, setter
> methods for some member variables which are now private.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
