Re: [DISCUSS] Fix CVE-2025-30065 on 1.8.x / 1.7.x / 1.6.x?

2025-04-12 Thread Fokko Driesprong
Hey Manu, Thanks for bringing this up. Sorry for not getting back to you sooner. I saw the ping on GitHub, but I was traveling and at the summit, so I didn't get to it. The main question is, do we know if the vulnerable code path is used by Iceberg? I put in a breakpoint at the checkSecurity

[DISCUSS] Fix CVE-2025-30065 on 1.8.x / 1.7.x / 1.6.x?

2025-04-12 Thread Manu Zhang
Hi all, https://nvd.nist.gov/vuln/detail/CVE-2025-30065 (10.0 critical) has been fixed on the main branch for 1.9+ (upgrade parquet to 1.15.1). Shall we fix it on 1.8.x, 1.7.x and 1.6.x? There's an open issue[1] and PRs for 1.7.x[2] and 1.6.x[3]

1. https://github.com/apache/iceberg/issues/12749
2.