Re: CVE-2021-22569

2022-05-04 Thread Sean Owen
Sure, did you search the JIRA? https://issues.apache.org/jira/browse/SPARK-38340 Does this affect Spark's usage of protobuf? Looks like it can't be updated to 3.x -- this is really not a dependency of Spark but underlying dependencies. Feel free to re-attempt a change that might work, at least

CVE-2021-22569

2022-05-04 Thread Pralabh Kumar
Hi Dev Team, Spark is using protobuf 2.5.0, which is vulnerable to CVE-2021-22569. The CVE recommends using protobuf 3.19.2. Please let me know if there is a Jira to track the update w.r.t. the CVE and Spark, or should I create one? Regards, Pralabh Kumar