Fixed Issues in Avro

Cloudera Runtime 7.1.9 SP2 resolves identified Avro functional errors and includes technical patches to improve service stability and performance.

CDPD-99440: Code injection vulnerability in Apache Avro Java SDK

An improper Control of Generation of Code (Code Injection) vulnerability exists in the Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects all Apache Avro Java SDK versions through 1.11.4 and version 1.12.0. The fix introduces a patch to address CVE-2025-33042. Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.