From 60226ba9a558aff99d8b918421a6cc12035e7e3f Mon Sep 17 00:00:00 2001
From: Abhishek Nath <anath1@linkedin.com>
Date: Tue, 16 Jun 2026 12:12:35 -0700
Subject: [PATCH] =?UTF-8?q?Bump=20Avro=20to=201.11.4=20=E2=80=94=20CVE-202?=
 =?UTF-8?q?4-47561?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 build.gradle | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index ec75fd89d..48ad0f196 100644
--- a/build.gradle
+++ b/build.gradle
@@ -30,8 +30,8 @@ ext {
   spark_version = "3.1.1"
   ok_http3_version = "4.11.0"
   junit_version = "5.11.0"
-  iceberg_1_2_version = "1.2.0.17"
-  iceberg_1_5_version = "1.5.2.11"
+  iceberg_1_2_version = "1.2.0.18"
+  iceberg_1_5_version = "1.5.2.14"
   otel_agent_version = "2.12.0" // Bundles OTel SDK 1.47.0
   otel_annotations_version = "2.12.0" // Match agent version
 }
@@ -91,6 +91,7 @@ allprojects {
         force 'com.fasterxml.jackson.core:jackson-databind:2.13.4'
         force 'org.apache.orc:orc-core:1.8.3'
         force 'com.google.guava:guava:33.5.0-jre'
+        force 'org.apache.avro:avro:1.11.4' // CVE-2024-47561; outranks strict transitive pin via iceberg-core
       }
     }
   }