From 5b6b16fc8ca5369ebc5112d77296b750547e2374 Mon Sep 17 00:00:00 2001
From: Lari Hotari
Date: Fri, 15 May 2026 15:02:33 +0300
Subject: [PATCH 1/4] [fix][sec] Upgrade avro to 1.12.1
---
 distribution/server/src/assemble/LICENSE.bin.txt | 4 ++--
 distribution/shell/src/assemble/LICENSE.bin.txt | 4 ++--
 gradle/libs.versions.toml | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 33680fdb8f1f8..547893a863dea 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -476,8 +476,8 @@ The Apache Software License, Version 2.0
 * zt-zip
 - org.zeroturnaround-zt-zip-1.17.jar
 * Apache Avro
- - org.apache.avro-avro-1.12.0.jar
- - org.apache.avro-avro-protobuf-1.12.0.jar
+ - org.apache.avro-avro-1.12.1.jar
+ - org.apache.avro-avro-protobuf-1.12.1.jar
 * Apache Curator
 - org.apache.curator-curator-client-5.7.1.jar
 - org.apache.curator-curator-framework-5.7.1.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt
index 5391865926e51..4f937bea86f2f 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -420,8 +420,8 @@ The Apache Software License, Version 2.0
 * Google Error Prone Annotations - error_prone_annotations-2.45.0.jar
 * Javassist -- javassist-3.25.0-GA.jar
 * Apache Avro
- - avro-1.12.0.jar
- - avro-protobuf-1.12.0.jar
+ - avro-1.12.1.jar
+ - avro-protobuf-1.12.1.jar
 * RE2j -- re2j-1.8.jar
 * Spotify completable-futures -- completable-futures-0.3.6.jar
 * RoaringBitmap -- RoaringBitmap-1.6.9.jar
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 41a8ff4714356..7c964b58563d1 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -61,7 +61,7 @@ bouncycastle-bcpkix-fips = "2.0.11"
 bouncycastle-bcutil-fips = "2.0.6"
 bouncycastle-bc-fips = "2.0.1"
 # Serialization
-avro = "1.12.0"
+avro = "1.12.1"
 gson = "2.13.2"
 snakeyaml = "2.0"
 # Vert.x
From 75f7ff71d6a492c857bd0547e69d1b92446ab3f1 Mon Sep 17 00:00:00 2001
From: Lari Hotari
Date: Fri, 15 May 2026 15:03:55 +0300
Subject: [PATCH 2/4] Protobuf schema now contains a default for enum types
---
 .../pulsar/client/impl/schema/ProtobufSchemaTest.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java b/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java
index b32614d9f24f7..661deac5ea59a 100644
--- a/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java
+++ b/pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/ProtobufSchemaTest.java
@@ -37,6 +37,8 @@
 import lombok.CustomLog;
 import org.apache.avro.Schema;
 import org.apache.pulsar.common.schema.SchemaType;
+import org.json.JSONException;
+import org.skyscreamer.jsonassert.JSONAssert;
 import org.testng.Assert;
 import org.testng.annotations.Test;
@@ -51,7 +53,7 @@ public class ProtobufSchemaTest {
 + "\"avro.java.string\":\"String\"},\"default\":\"\"},{\"name\":\"doubleField\","
 + "\"type\":\"double\",\"default\":0.0},{\"name\":\"intField\",\"type\":\"int\","
 + "\"default\":0},{\"name\":\"testEnum\",\"type\":{\"type\":\"enum\","
- + "\"name\":\"TestEnum\",\"symbols\":[\"SHARED\",\"FAILOVER\"]},"
+ + "\"name\":\"TestEnum\",\"symbols\":[\"SHARED\",\"FAILOVER\"],\"default\":\"SHARED\"},"
 + "\"default\":\"SHARED\"},{\"name\":\"nestedField\","
 + "\"type\":[\"null\",{\"type\":\"record\",\"name\":\"SubMessage\","
 + "\"fields\":[{\"name\":\"foo\",\"type\":{\"type\":\"string\","
@@ -136,7 +138,7 @@ public void testSchemaApiSupportsMessageBound() { } @Test - public void testSchema() { + public void testSchema() throws JSONException { ProtobufSchema protobufSchema = ProtobufSchema.of(org.apache.pulsar.client.schema.proto.Test.TestMessage.class); @@ -145,8 +147,7 @@ public void testSchema() { String schemaJson = new String(protobufSchema.getSchemaInfo().getSchema()); Schema.Parser parser = new Schema.Parser(); Schema schema = parser.parse(schemaJson); - - Assert.assertEquals(schema.toString(), EXPECTED_SCHEMA_JSON); + JSONAssert.assertEquals(schema.toString(), EXPECTED_SCHEMA_JSON, false); } @Test From 3c5118c0f73a26c5c7528f07145c461d635e43a7 Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Fri, 15 May 2026 15:07:12 +0300 Subject: [PATCH 3/4] upgrade to avro 1.12.2 --- distribution/server/src/assemble/LICENSE.bin.txt | 4 ++-- distribution/shell/src/assemble/LICENSE.bin.txt | 4 ++-- gradle/libs.versions.toml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 547893a863dea..7bc35db0f009c 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -476,8 +476,8 @@ The Apache Software License, Version 2.0 * zt-zip - org.zeroturnaround-zt-zip-1.17.jar * Apache Avro - - org.apache.avro-avro-1.12.1.jar - - org.apache.avro-avro-protobuf-1.12.1.jar + - org.apache.avro-avro-1.12.2.jar + - org.apache.avro-avro-protobuf-1.12.2.jar * Apache Curator - org.apache.curator-curator-client-5.7.1.jar - org.apache.curator-curator-framework-5.7.1.jar diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index 4f937bea86f2f..1e8ccc3e2e9dc 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt 
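Review bot: The new `JSONAssert.assertEquals(schema.toString(), EXPECTED_SCHEMA_JSON, false)` in testSchema compares in lenient mode, which ignores array element order and tolerates extra fields on the actual side, so a reordered `fields` or `symbols` array would no longer fail this test even though that order determines the Avro binary encoding. JSONAssert takes (expected, actual, strict) and does not compare object key order in either mode, so strict mode should still absorb the key-ordering differences this change presumably works around: `JSONAssert.assertEquals(EXPECTED_SCHEMA_JSON, schema.toString(), true);`. The arguments are also swapped relative to that signature, which makes failure messages read backwards and, while the comparison stays lenient, flips which side is allowed to carry extra fields.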
@@ -420,8 +420,8 @@ The Apache Software License, Version 2.0
 * Google Error Prone Annotations - error_prone_annotations-2.45.0.jar
 * Javassist -- javassist-3.25.0-GA.jar
 * Apache Avro
- - avro-1.12.1.jar
- - avro-protobuf-1.12.1.jar
+ - avro-1.12.2.jar
+ - avro-protobuf-1.12.2.jar
 * RE2j -- re2j-1.8.jar
 * Spotify completable-futures -- completable-futures-0.3.6.jar
 * RoaringBitmap -- RoaringBitmap-1.6.9.jar
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 7c964b58563d1..464dcb0b95a4f 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -61,7 +61,7 @@ bouncycastle-bcpkix-fips = "2.0.11"
 bouncycastle-bcutil-fips = "2.0.6"
 bouncycastle-bc-fips = "2.0.1"
 # Serialization
-avro = "1.12.1"
+avro = "1.12.2"
 gson = "2.13.2"
 snakeyaml = "2.0"
 # Vert.x
From 2e72754335f87958f4c9c9bb8ac72e0928a31fa3 Mon Sep 17 00:00:00 2001
From: Lari Hotari
Date: Fri, 15 May 2026 15:59:16 +0300
Subject: [PATCH 4/4] Add system property required by avro tests
---
 .../src/main/kotlin/pulsar.java-conventions.gradle.kts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/build-logic/conventions/src/main/kotlin/pulsar.java-conventions.gradle.kts b/build-logic/conventions/src/main/kotlin/pulsar.java-conventions.gradle.kts
index ee61c0b094dad..abda580ba7151 100644
--- a/build-logic/conventions/src/main/kotlin/pulsar.java-conventions.gradle.kts
+++ b/build-logic/conventions/src/main/kotlin/pulsar.java-conventions.gradle.kts
@@ -192,6 +192,8 @@ tasks.withType().configureEach {
 "-Dpulsar.allocator.out_of_memory_policy=FallbackToHeap",
 "-Dpulsar.test.preventExit=true",
 )
+ // Avro 1.12.1+ makes Avro serialization strict
+ systemProperty("org.apache.avro.SERIALIZABLE_CLASSES", "java.math.BigDecimal,java.math.BigInteger,java.net.URI,java.net.URL,java.io.File,java.lang.Integer")
 }
 // Expose test classes for cross-module test dependencies (Maven test-jar equivalent)
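Review bot: The `org.apache.avro.SERIALIZABLE_CLASSES` value added in the last hunk is applied to every test task through this convention plugin, and the comment does not say which test needs which entry. The property appears to be Avro's allowlist of classes it may instantiate while handling schema data, so if a test only passes with an entry such as `java.lang.Integer`, runtime JVMs that handle the same schemas presumably still run with Avro's defaults and the tests no longer reflect what operators get; that is worth confirming and documenting. I would keep the list to the entries the tests actually need and record the reason in the comment, for example `// Avro 1.12.1+ only instantiates allowlisted classes; java.lang.Integer is needed by <TEST_NAME placeholder>`. The enclosing `configureEach` block starts outside the hunk.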