CVE-2024-47561: we upgraded Avro and Apache Pulsar

Effective on October 7, 2024 · David Legrand

On October 4th, we were informed of a schema parsing vulnerability in the Java SDK of Apache Avro 1.11.3 and previous versions that allows bad actors to execute arbitrary code. Our security team immediately ran sanity checks and listed the impacted services.

We upgraded our tools that use Avro to 1.11.4. As Apache Pulsar was impacted, we upgraded our cluster to version 3.3.2. The rollout of these updates is now complete, with no impact on our users. You can contact our support team if you have further questions about this topic.
