Critical vulnerability in Apache parquet-avro module (CVE-2025-30065), which most likely also affects Dremio

Hello,

a critical security vulnerability (CVE-2025-30065) has been discovered in Apache Parquet’s Java library, specifically in the parquet-avro module, which seems to be used in Dremio (dremio-oss/sabot/kernel/pom.xml at c7fee0bcd44c928c0ff57481dd6a484c4caeae33 · dremio/dremio-oss · GitHub).

Do you have an estimate of when a fix will be available (for both the Enterprise and OSS variants)?

Best Regards
Nico
