The Apache Avro community is pleased to announce the release of Avro 1.12.1! All signed release artifacts, signatures and verification instructions can be found here.

Security Fixes

This release includes 4 security fixes:

- Prevent class with empty Java package being trusted by SpecificDatumReader (#3311)
- Remove the default serializable packages and deprecate the property to introduce org.apache.avro.SERIALIZABLE_CLASSES instead (#3376)
- java-[key-]class allowed packages must be packages (#3453...