Merge pull request #302 from cdapio/fix-sec-vuln

[Security Vulnerability] CVE-2024-47561: Exclude org.apache.avro:avro
cdapio · Oct 25, 2024 · 54c35f4 · 54c35f4
2 parents 3871c4d + a847c1a
commit 54c35f4
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/cdap-sentry/cdap-sentry-extension/cdap-sentry-binding/pom.xml b/cdap-sentry/cdap-sentry-extension/cdap-sentry-binding/pom.xml
@@ -58,6 +58,12 @@
     <dependency>
       <groupId>org.apache.hadoop</groupId>
       <artifactId>hadoop-common</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.avro</groupId>
+          <artifactId>avro</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.zookeeper</groupId>