
update parquet-avro to resolve CVE-2025-30065 #17874

Merged
cryptoe merged 2 commits into apache:master from janjwerner-confluent:update_parquet_avro
Apr 4, 2025

@janjwerner-confluent janjwerner-confluent commented Apr 4, 2025

Description

Update third-party dependency: parquet-avro to address CVE-2025-30065

Release note

Update: parquet-avro from 1.13.0 to 1.15.1 to resolve CVE-2025-30065

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • a release note entry in the PR description.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@kgyrtkirk kgyrtkirk added this to the 33.0.0 milestone Apr 4, 2025
@cryptoe cryptoe merged commit 5fcd2cf into apache:master Apr 4, 2025
75 of 76 checks passed

cryptoe commented Apr 4, 2025

Failures look unrelated and should be addressed by #17877


cryptoe commented Apr 4, 2025

Thanks for the fix @janjwerner-confluent

cryptoe pushed a commit to cryptoe/druid that referenced this pull request Apr 4, 2025
* update parquet-avro to resolve CVE-2025-30065

* add missing license for updated parquet

(cherry picked from commit 5fcd2cf)
gianm added a commit to gianm/druid that referenced this pull request Apr 5, 2025
PR apache#17874 missed one of the version tags, which would affect certain
build profiles.
kgyrtkirk pushed a commit that referenced this pull request Apr 5, 2025
PR #17874 missed one of the version tags, which would affect certain
build profiles.
kgyrtkirk pushed a commit that referenced this pull request Apr 5, 2025
* update parquet-avro to resolve CVE-2025-30065

* add missing license for updated parquet

(cherry picked from commit 5fcd2cf)
kgyrtkirk pushed a commit that referenced this pull request Apr 5, 2025
PR #17874 missed one of the version tags, which would affect certain
build profiles.

(cherry picked from commit ae6c137)
@janjwerner-confluent janjwerner-confluent deleted the update_parquet_avro branch April 14, 2025 17:55
vivek807 added a commit to deep-bi/druid that referenced this pull request May 16, 2025
- [17882](apache#17882)
- [17874](apache#17874)
nozjkoitop pushed a commit to deep-bi/druid that referenced this pull request Jun 4, 2025
- [17882](apache#17882)
- [17874](apache#17874)