[ https://issues.apache.org/jira/browse/FLINK-18192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183877#comment-17183877 ]

Chesnay Schepler edited comment on FLINK-18192 at 8/25/20, 9:31 PM:
--------------------------------------------------------------------

[~twalthr] Could you find someone to gauge how difficult this would be? I'm interested in this because of CVE-2019-10172 transitively affecting Avro 1.8.X. I know that we expect users to provide whatever version they wish (and in fact if they can just use 1.9 it may not be a problem), but we should think about how/when to upgrade Avro.


was (Author: zentol):
[~twalthr] Could you find someone to gauge how difficult this would be?

> Upgrade to Avro version 1.9.2 from 1.8.2
> ----------------------------------------
>
> Key: FLINK-18192
> URL: https://issues.apache.org/jira/browse/FLINK-18192
> Project: Flink
> Issue Type: Improvement
> Components: Build System, Formats (JSON, Avro, Parquet, ORC,
> SequenceFile)
> Reporter: Lucas Heimberg
> Priority: Major
> Fix For: 1.12.0
>
>
> As of version 1.11, Flink (i.e., flink-avro) still uses Avro in version 1.8.2.
> Avro 1.9.2 contains many bugfixes, in particular with respect to the support
> for logical types. A further advantage would be that an upgrade to Avro 1.9.2
> would also allow using the Confluent Schema Registry client and Avro
> deserializer in version 5.5.0, which finally support schema references.
> Therefore it would be great if Flink could make use of Avro 1.9.2 or higher
> in future releases.
>
>

--
This message was sent by Atlassian Jira (v8.3.4#803005)