I would recommend starting the upgrade to 16.2.3 or higher, as 16.0 will be end of life soon; here is our life cycle page.
I see you are upgrading to 16.2. This impacts the Apache Avro Java SDK, and we don't use that library in Clarity; you can review our Third-Party Software Agreements, available in our documentation.
------------------------------
Thanks & Regards
Suman Pramanik
Senior Principal Support Engineer | Agile Operations Division
Broadcom Software
------------------------------
Original Message:
Sent: Oct 24, 2024 06:19 AM
From: GUDUPALLI RAJESH
Subject: Query regarding CVE-2024-47561 Apache Avro Java SDK vulnerability
Hi
This is regarding a vulnerability identified by the security team. Please let us know if this has any impact on Clarity and Jaspersoft.
Vulnerability Details:
CVE-2024-47561 in the Apache Avro Java SDK, which could allow threat actors to execute arbitrary code when parsing user-provided Avro schemas.
Current Clarity version: 16.0.0
To be Upgraded Clarity Version: 16.2.0 (Planned from 17-OCT-24)
Current Jasper version: 7.8
To be Upgraded Jasper Version: 8.1 (Planned from 19-OCT-24)
Thanks.