Require Apache Avro 1.11.3 to fix CVE-2023-39410. Resolves #3430. (#3695

) Signed-off-by: David Venable <[email protected]>
opensearch-project · Nov 27, 2023 · c88c27f · c88c27f
1 parent b8fcffd
commit c88c27f
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -98,6 +98,12 @@ subprojects {
         testImplementation testLibs.hamcrest
         testImplementation testLibs.awaitility
         constraints {
+            implementation('org.apache.avro:avro') {
+                version {
+                    require '1.11.3'
+                }
+                because 'Fixes CVE-2023-39410.'
+            }
             implementation('org.apache.httpcomponents:httpclient') {
                 version {
                     require '4.5.14'