confluentinc/schema-registry

Upgrade org.apache.avro dependency version to address CVE-2024-47561

Closed this issue · 1 comment

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fixes this issue.
Guideline: https://avd.aquasec.com/nvd/cve-2024-4756

Avro upgraded to 1.11.4 here confluentinc/common#664
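A way to check a build for the affected range named in the issue, as an added example that is not part of the original thread or the project's code. It assumes the core Java artifact is `org.apache.avro:avro` and that the input is the text printed by `mvn dependency:tree`; the sample tree and the function names are constructed for illustration.

```python
import re

# Per the issue text: 1.11.3 and earlier are affected; 1.11.4 and 1.12.0 carry the fix.
LAST_AFFECTED = (1, 11, 3)
SCOPES = {"compile", "provided", "runtime", "test", "system", "import"}
# groupId:artifactId:type[:classifier]:version[:scope], as printed by `mvn dependency:tree`
COORD = re.compile(r"[\w.-]+(?::[\w.-]+){3,5}")

def parse_version(text):
    """Leading numeric part of a Maven version, e.g. '1.11.3-rc1' -> (1, 11, 3)."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def classify(version):
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # e.g. an unresolved ${property}; needs manual review
    return "affected" if parsed <= LAST_AFFECTED else "fixed"

def avro_versions(tree_text):
    """Collect every resolved version of org.apache.avro:avro, direct or transitive."""
    found = []
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(0).split(":")
        # Assumption: only the core artifact is matched; avro-ipc etc. are skipped.
        if parts[:2] != ["org.apache.avro", "avro"]:
            continue
        if parts[-1] in SCOPES:  # drop the trailing scope so the version is last
            parts.pop()
        found.append(parts[-1])
    return found

def audit(tree_text):
    return {v: classify(v) for v in avro_versions(tree_text)}

# Constructed sample output; the com.example coordinates are hypothetical.
SAMPLE_TREE = r"""
[INFO] com.example:demo-service:jar:1.0.0
[INFO] +- org.apache.avro:avro:jar:1.11.3:compile
[INFO] +- org.apache.avro:avro-ipc:jar:1.11.3:compile
[INFO] \- com.example:legacy-module:jar:2.0.0:compile
[INFO]    \- org.apache.avro:avro:jar:tests:1.9.2:test
"""

if __name__ == "__main__":
    for version, status in audit(SAMPLE_TREE).items():
        print(f"org.apache.avro:avro {version}: {status}")
```

Pre-release qualifiers such as `-SNAPSHOT` are compared by their numeric part only, so a qualified build of a fixed version should still be confirmed by hand.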