From 694645fe303f0c2b1891b64ce8c4287fbdb4f0c7 Mon Sep 17 00:00:00 2001 From: Derrick Williams Date: Tue, 6 May 2025 14:41:47 +0000 Subject: [PATCH] Fix parquet-avro vulnerability in io expansion service --- sdks/java/io/expansion-service/build.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sdks/java/io/expansion-service/build.gradle b/sdks/java/io/expansion-service/build.gradle index 66a68a1e593b..6283aa3811cc 100644 --- a/sdks/java/io/expansion-service/build.gradle +++ b/sdks/java/io/expansion-service/build.gradle @@ -33,6 +33,9 @@ applyJavaNature( configurations.runtimeClasspath { // Pin kafka-clients version due to <3.4.0 missing auth callback classes. resolutionStrategy.force 'org.apache.kafka:kafka-clients:3.9.0' + + // Pin org.apache.parquet:parquet-avro to a non-vulnerable version compatible. + resolutionStrategy.force 'org.apache.parquet:parquet-avro:1.15.1' } shadowJar {