From 50d7f1a1111fbd54bce2c33c04d87a2282e3116d Mon Sep 17 00:00:00 2001 From: dao-jun Date: Fri, 15 May 2026 19:48:41 +0800 Subject: [PATCH] Update avro to 1.12.1 to address CVE-2025-33042 --- distribution/server/src/assemble/LICENSE.bin.txt | 2 +- distribution/shell/src/assemble/LICENSE.bin.txt | 2 +- gradle/libs.versions.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 33680fdb8f1f8..42d8267bc49cb 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -476,7 +476,7 @@ The Apache Software License, Version 2.0 * zt-zip - org.zeroturnaround-zt-zip-1.17.jar * Apache Avro - - org.apache.avro-avro-1.12.0.jar + - org.apache.avro-avro-1.12.1.jar - org.apache.avro-avro-protobuf-1.12.0.jar * Apache Curator - org.apache.curator-curator-client-5.7.1.jar diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index 5391865926e51..b0d41da9c3535 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt @@ -420,7 +420,7 @@ The Apache Software License, Version 2.0 * Google Error Prone Annotations - error_prone_annotations-2.45.0.jar * Javassist -- javassist-3.25.0-GA.jar * Apache Avro - - avro-1.12.0.jar + - avro-1.12.1.jar - avro-protobuf-1.12.0.jar * RE2j -- re2j-1.8.jar * Spotify completable-futures -- completable-futures-0.3.6.jar diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 41a8ff4714356..7c964b58563d1 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -61,7 +61,7 @@ bouncycastle-bcpkix-fips = "2.0.11" bouncycastle-bcutil-fips = "2.0.6" bouncycastle-bc-fips = "2.0.1" # Serialization -avro = "1.12.0" +avro = "1.12.1" gson = "2.13.2" snakeyaml = "2.0" # Vert.x