Posted to github@beam.apache.org by GitBox <gi...@apache.org> on 2022/11/21 17:37:56 UTC

[GitHub] [beam] aromanenko-dev opened a new issue, #24292: [Task]: Remove Avro dependency from "sdks/java/core"

aromanenko-dev opened a new issue, #24292:
URL: https://github.com/apache/beam/issues/24292

   ### What needs to happen?
   
   Beam Java SDK still depends on a rather old version of Avro (1.8.2), whereas the latest version of Avro is 1.11.0 for the moment (Avro 1.11.1 is coming soon). Unfortunately, the Avro 1.8.2 dependency brings several CVEs, though the latest Avro 1.11.0 brings only one.
   
   Several attempts to bump the Beam Avro dependency to more recent versions have been made in the past, but none of them were successful, for different reasons. Mostly, this is because the update will introduce some incompatible changes that Avro made between the versions, and this may directly affect Beam users and, potentially, the transitive dependencies when using Beam with other projects that use Avro as well.
   
   It was decided to copy all Java Avro-related code from `sdks/java/core` to a dedicated extension, deprecate the old code and finally remove it.
   
   More details can be found here:
   https://lists.apache.org/thread/47oz1mlwj0orvo1458v5pw5c20bwt08q
   
   ### Issue Priority
   
   Priority: 2
   
   ### Issue Component
   
   Component: io-java-avro


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Re: [I] [Task]: Remove Avro dependency from "sdks/java/core" [beam]

Posted by "aromanenko-dev (via GitHub)" <gi...@apache.org>.
aromanenko-dev closed issue #24292: [Task]: Remove Avro dependency from "sdks/java/core"
URL: https://github.com/apache/beam/issues/24292




[GitHub] [beam] mosche commented on issue #24292: [Task]: Remove Avro dependency from "sdks/java/core"

Posted by GitBox <gi...@apache.org>.
mosche commented on issue #24292:
URL: https://github.com/apache/beam/issues/24292#issuecomment-1366501798

   Do you want to add a subtask to update https://beam.apache.org/documentation/io/connectors/?




[GitHub] [beam] aromanenko-dev commented on issue #24292: [Task]: Remove Avro dependency from "sdks/java/core"

Posted by GitBox <gi...@apache.org>.
aromanenko-dev commented on issue #24292:
URL: https://github.com/apache/beam/issues/24292#issuecomment-1366564375

   @mosche Good point, added. Thanks!

