From 00aa7faedfb2ce48ffafadadd7d80580073bf7a8 Mon Sep 17 00:00:00 2001 From: Mathias Vandaele Date: Tue, 26 Nov 2024 09:32:35 +0100 Subject: [PATCH 1/2] fix(cve): Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.12.0, which fix this issue. --- connectors/kafka/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connectors/kafka/pom.xml b/connectors/kafka/pom.xml index cc360322f0..dd857c4b26 100644 --- a/connectors/kafka/pom.xml +++ b/connectors/kafka/pom.xml @@ -25,7 +25,7 @@ - 1.11.3 + 1.12.0 Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH under one or more contributor license agreements. Licensed under a proprietary license. See the License.txt file for more information. You may not use this file From fb4780231a226f6db5d82dae7ae227701242bcf4 Mon Sep 17 00:00:00 2001 From: Mathias Vandaele Date: Tue, 26 Nov 2024 09:50:59 +0100 Subject: [PATCH 2/2] fix(cve): Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4, which fix this issue. --- connectors/kafka/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connectors/kafka/pom.xml b/connectors/kafka/pom.xml index dd857c4b26..39c965b426 100644 --- a/connectors/kafka/pom.xml +++ b/connectors/kafka/pom.xml @@ -25,7 +25,7 @@ - 1.12.0 + 1.11.4 Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH under one or more contributor license agreements. Licensed under a proprietary license. See the License.txt file for more information. You may not use this file