[ANNOUNCE] Call for Presentations now open: Community over Code EU 2024

will foster lively discussions and facilitate networking opportunities among participants. All my best, and thanks so much for your participation, Ryan Skraba (on behalf of the program committee) [Countdown]: https://www.timeanddate.com/countdown/to?iso=20240112T2359&p0=1440

CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

Severity: low Affected versions: - Apache Avro Java SDK before 1.11.3 Description: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications u

[ANNOUNCE] Apache Avro 1.11.3 released

The Apache Avro community is pleased to announce the release of Avro 1.11.3! All signed release artifacts, signatures and verification instructions can be found here: https://avro.apache.org/releases.html This is a minor release, specifically addressing known issues with the 1.11.2 release, but a

[ANNOUNCE] Call for Tracks - Community over Code EU 2024 Bratislava

casing high-level projects and incubator initiatives in a visually engaging manner. We believe this will foster lively discussions and facilitate networking opportunities among participants. All my best, and thanks so much for your participation, Ryan Skraba (on behalf of the program committee)

[ANNOUNCE] Apache Avro 1.11.2 released

The Apache Avro community is pleased to announce the release of Avro 1.11.2! All signed release artifacts, signatures and verification instructions can be found here: https://avro.apache.org/releases.html This release addresses ~89 Avro JIRA, including some interesting highlights: C# - AVRO-3434

CVE-2022-35724: Apache Avro: Denial of service while reading data in Avro Rust SDK

Severity: important Description: It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro versi

CVE-2022-36124: Apache Avro: Memory overconsumption in Avro Rust SDK

Severity: moderate Description: It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apac

CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK

Severity: important Description: It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addr

[ANNOUNCE] Apache Avro 1.11.1 released

The Apache Avro community is pleased to announce the release of Avro 1.11.0! All signed release artifacts, signatures and verification instructions can be found here: https://avro.apache.org/releases.html This release includes ~250 Jira issues, including some interesting features: Some interesti

CVE-2021-43045: Apache Avro: Possible DOS vulnerabilities in C# Avro SDK

Description: A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which

[ANNOUNCE] Apache Avro 1.11.0 released

The Apache Avro community is pleased to announce the release of Avro 1.11.0! All signed release artifacts, signatures and verification instructions can be found here: https://avro.apache.org/releases.html This release includes 120 Jira issues, including some interesting features: Specification:

[ANNOUNCE] Apache Avro 1.10.2 released

The Apache Avro community is pleased to announce the release of Avro 1.10.2! All signed release artifacts, signatures and verification instructions can be found here: https://avro.apache.org/releases.html This release includes 31 Jira issues, including some interesting features: C#: AVRO-3005 Su

[ANNOUNCE] Apache Avro 1.10.1 released

The Apache Avro community is pleased to announce the release of Avro 1.10.1! All signed release artifacts, signatures and verification instructions can be found here: https://avro.apache.org/releases.html This release includes 33 Jira issues, including some interesting features: C#: AVRO-2750 Su

[ANNOUNCE] Apache Avro 1.10.0 released

The Apache Avro community is pleased to announce the release of Avro 1.10.1! All signed release artifacts, signatures and verification instructions can be found here: https://avro.apache.org/releases.html This release includes 33 Jira issues, including some interesting features: C#: AVRO-2750 Su

[ANNOUNCE] Apache Avro 1.9.2 released

https://issues.apache.org/jira/browse/AVRO-2737 * Ruby: https://rubygems.org/gems/avro/versions/1.9.2 Thanks to everyone for contributing! Ryan Skraba