From c88c27f852a8c90ef87ef481ac446634230fb1a7 Mon Sep 17 00:00:00 2001
From: David Venable <dlv@amazon.com>
Date: Mon, 27 Nov 2023 10:58:50 -0800
Subject: [PATCH] Require Apache Avro 1.11.3 to fix CVE-2023-39410. Resolves
 #3430. (#3695)

Signed-off-by: David Venable <dlv@amazon.com>
---
 build.gradle | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/build.gradle b/build.gradle
index 0ac5e77554..1fbb592321 100644
--- a/build.gradle
+++ b/build.gradle
@@ -98,6 +98,12 @@ subprojects {
         testImplementation testLibs.hamcrest
         testImplementation testLibs.awaitility
         constraints {
+            implementation('org.apache.avro:avro') {
+                version {
+                    require '1.11.3'
+                }
+                because 'Fixes CVE-2023-39410.'
+            }
             implementation('org.apache.httpcomponents:httpclient') {
                 version {
                     require '4.5.14'