Comments (3)
ewencp
commented on September 27, 2024
The dependency version info can be lifted up into this pom.xml, but we already have commons-compress at 1.21 in ksqldb, schema-registry, connect-replicator, control-center, etc. I think that has also been backported to all supported versions.
A version upgrade for Avro needs to be handled carefully as we'd need to check for any incompatibilities, especially in backporting to earlier versions. Given the issue is already addressed by pinning the commons-compress version, I'm not sure we'd want to do more here other than updating master to the new version after evaluating any potential compatibility issues.
from common.
esikgabi
commented on September 27, 2024
It seems the avro version was upgraded: a4eed43
Which release will contain this change?
Is there any place where we can check the planned releases? (time and contained features/fixes)
Thanks
from common.
junquero
commented on September 27, 2024
Avro version 1.11.0 has a transitive dependency with jackson-databind that has the CVE-2020-36518 which has been updated in avro 1.11.1.
from common.
Related Issues (20)
- Add Support for Avro 1.9.0 HOT 2
- Cannot resolve org.apache.kafka:connect-json:5.5.0-ccs-SNAPSHOT HOT 3
- Build failure for common-logging
- Add support for Scala 2.13 HOT 5
- Sources jars are missing in Maven repository
- Build failure - HOT 1
- The POM for io.confluent:resolver-maven-plugin:jar:0.4.0 is missing, no dependency information available
- Latest version of master doesn't build HOT 4
- Zookeeper throws timeout after several restarts of nodes HOT 1
- Build of 6.1.0-post branch and v6.1.0 tag fails HOT 5
- Log4J security vulnerability verification HOT 1
- Unable to resolve the assembly-plugin-boilerplate 6.0.3 jar file HOT 2
- Mac M1 docker error building base with Spotify `microdef` `returned a non-zero code: 1` HOT 1
- Cannot build master and latest 7.3.1-post branch HOT 1
- logredactor project lost? HOT 1
- mvn clean install -X on version 7.4.1-post fails with installed_pom.xml not exists
- Affected by CVE-2023-4586 due to dependency with netty HOT 1
- Delete The Issue
- Jars since v7.5.3 not being published to Confluent public Maven repo HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from common.