Thanks Christopher, I’ll try updating the Avro libraries and see what happens on our test clusters.
- Logan On Thu, Mar 30, 2023 at 8:58 PM Christopher <ctubb...@apache.org> wrote: > Oh, I just had a thought. We do use jackson, so if that's being upgraded > and is on Accumulo's classpath, there might be a small chance of it > affecting it. But we frequently update our jackson dependency without > problems, so I wouldn't expect to see any issues. As always, if you're > concerned about the risks, try it on a test environment first. > > On Thu, Mar 30, 2023, 20:55 Christopher <ctubb...@apache.org> wrote: > > > Accumulo doesn't use AVRO directly, so it shouldn't affect Accumulo if > you > > upgrade it for Hadoop. > > > > On Thu, Mar 30, 2023, 14:56 Logan Jones <lo...@codescratch.com> wrote: > > > >> Hello: > >> > >> Hadoop 3.3.4 has some critical vulnerabilities that it pulls in from > avro > >> 1.7.7 -> jackson-mapper-asl 1.9.13 > >> > >> The only thing in my HDFS cluster is Accumulo. Can I safely upgrade my > >> cluster to use Avro 1.11.X or will this break Accumulo? > >> > >> Thanks, > >> > >> - Logan > >> > > >
