Clarity


Query regarding CVE-2024-47561 Apache Avro Java SDK vulnerability

  • 1.  Query regarding CVE-2024-47561 Apache Avro Java SDK vulnerability

    Posted Oct 24, 2024 07:57 AM

    Hi 

    This is regarding a vulnerability identified by the security team. Please let us know if this has any impact on Clarity and Jaspersoft.

    Vulnerability Details:
    CVE-2024-47561 in the Apache Avro Java SDK, which could allow threat actors to execute arbitrary code when parsing user-provided Avro schemas.

    Current Clarity version: 16.0.0
    To be Upgraded Clarity Version: 16.2.0 (Planned from 17-OCT-24)

    Current Jasper version: 7.8
    To be Upgraded Jasper Version: 8.1 (Planned from 19-OCT-24)

    Thanks.



  • 2.  RE: Query regarding CVE-2024-47561 Apache Avro Java SDK vulnerability

    Broadcom Employee
    Posted Oct 25, 2024 08:19 AM

    I would recommend starting the upgrade to 16.2.3 or higher, as 16.0 will be end of life soon; here is our life cycle page 

    I see you are upgrading to 16.2. This impacts the Apache Avro Java SDK, and we don't use that library in Clarity; you can review our Third-Party Software Agreements, available in our documentation.



    ------------------------------
    Thanks & Regards
    Suman Pramanik
    Senior Principal Support Engineer | Agile Operations Division
    Broadcom Software
    ------------------------------