From 45bfab8e32c15dfdc3ff3199198b945d46623960 Mon Sep 17 00:00:00 2001
From: Danny McCormick
Date: Mon, 14 Oct 2024 10:50:00 -0400
Subject: [PATCH 1/3] Bump avro, fix CVE-2024-47561
---
 CHANGES.md | 1 +
 .../groovy/org/apache/beam/gradle/BeamModulePlugin.groovy | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index be4e0ba4d0f6..fc57f7e909e8 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -82,6 +82,7 @@ ## Security Fixes
 * Fixed (CVE-YYYY-NNNN)[https://www.cve.org/CVERecord?id=CVE-YYYY-NNNN] (Java/Python/Go) ([#X](https://github.com/apache/beam/issues/X)).
+* Fixed (CVE-2024-47561)[https://www.cve.org/CVERecord?id=CVE-2024-47561] (Java) by upgrading Avro version to 1.11.4
 ## Known Issues
diff --git a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
index a7e129211757..44445defd22f 100644
--- a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
+++ b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
@@ -668,8 +668,8 @@ class BeamModulePlugin implements Plugin {
 antlr_runtime : "org.antlr:antlr4-runtime:4.7",
 args4j : "args4j:args4j:2.33",
 auto_value_annotations : "com.google.auto.value:auto-value-annotations:$autovalue_version",
- avro : "org.apache.avro:avro:1.11.3",
- avro_tests : "org.apache.avro:avro:1.11.3:tests",
+ avro : "org.apache.avro:avro:1.11.4",
+ avro_tests : "org.apache.avro:avro:1.11.4:tests",
 aws_java_sdk_cloudwatch : "com.amazonaws:aws-java-sdk-cloudwatch:$aws_java_sdk_version",
 aws_java_sdk_core : "com.amazonaws:aws-java-sdk-core:$aws_java_sdk_version",
 aws_java_sdk_dynamodb : "com.amazonaws:aws-java-sdk-dynamodb:$aws_java_sdk_version",
From 490e36f1dad1ce7e2a0564159475fa2ee044c6c2 Mon Sep 17 00:00:00 2001
From: Danny McCormick
Date: Mon, 18 Nov 2024 15:59:05 -0500
Subject: [PATCH 2/3] Update BeamModulePlugin.groovy
---
 .../main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
index 44445defd22f..62254d3b4277 100644
--- a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
+++ b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
@@ -669,7 +669,7 @@ class BeamModulePlugin implements Plugin {
 args4j : "args4j:args4j:2.33",
 auto_value_annotations : "com.google.auto.value:auto-value-annotations:$autovalue_version",
 avro : "org.apache.avro:avro:1.11.4",
- avro_tests : "org.apache.avro:avro:1.11.4:tests",
+ avro_tests : "org.apache.avro:avro:1.11.3:tests",
 aws_java_sdk_cloudwatch : "com.amazonaws:aws-java-sdk-cloudwatch:$aws_java_sdk_version",
 aws_java_sdk_core : "com.amazonaws:aws-java-sdk-core:$aws_java_sdk_version",
 aws_java_sdk_dynamodb : "com.amazonaws:aws-java-sdk-dynamodb:$aws_java_sdk_version",
From 33ecf540a414b7f1c4d26bd1561aea9d2f89d637 Mon Sep 17 00:00:00 2001
From: Danny Mccormick
Date: Mon, 18 Nov 2024 16:44:37 -0500
Subject: [PATCH 3/3] Run Avro tests
---
 .github/trigger_files/beam_PostCommit_Java_Avro_Versions.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/trigger_files/beam_PostCommit_Java_Avro_Versions.json b/.github/trigger_files/beam_PostCommit_Java_Avro_Versions.json
index 1efc8e9e4405..3f63c0c9975f 100644
--- a/.github/trigger_files/beam_PostCommit_Java_Avro_Versions.json
+++ b/.github/trigger_files/beam_PostCommit_Java_Avro_Versions.json
@@ -1,4 +1,4 @@
 {
 "comment": "Modify this file in a trivial way to cause this test suite to run",
- "modification": 1
+ "modification": 2
 }
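Review bot: The `avro_tests` entry in PATCH 2/3 (BeamModulePlugin.groovy) is pinned back to `org.apache.avro:avro:1.11.3:tests` with no stated reason, so the test-classifier artifact now trails the `avro` coordinate that carries the CVE-2024-47561 fix. Neither the commit subject nor the map entry explains the split, which leaves the next maintainer or a dependency scanner unable to tell a deliberate pin from a missed bump. The tests classifier presumably ships only test classes, but that is not visible here and should be confirmed before the 1.11.3 coordinate is treated as out of scope for the CVE. I would add a comment directly above the entry, for example `// avro_tests stays on 1.11.3: <reason>; test scope only, keep avro itself at 1.11.4 or later (CVE-2024-47561)`, and bring the two back in line once the reason no longer holds. The dependency map this entry sits in begins and ends outside the hunk.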