Fixed Issues in Apache Avro

Review the list of Avro issues that are resolved in Cloudera Runtime 7.3.1, its service packs and cumulative hotfixes.

Cloudera Runtime 7.3.1.300 SP1 CHF 1

There are no fixed issues in this release.

There are no fixed issues in this release.

CDPD-47852: Removed the old CDH versions and parent: 7.3.1.100; Removed old CDH repository reference for artefacts to support build with newer dependency versions.
CDPD-45628: Upgraded Apache Maven to 3.8.6 due to CVE-2021-26291: 7.3.1.100; Removed the Maven prerequisites of version 2.2.1 and upgrade the maven-core to 3.8.6 to fix CVE-2021-26291. Also, upgraded plexus-utils version to 3.5.0 and Apache file-management version to 3.0.0 to support the upgrade.
CDPD-75089: Restrict trusted packages in ReflectData and SpecificData: 7.3.1.100; Schema parsing in Java SDK of Apache Avro had an issue that allowed malicious actors to execute arbitrary code when reading Avro data. This issue is now resolved by restricting trusted packages in ReflectData and SpecificData.
Apache Jira:AVRO-3985

There are no fixed issues in this release.