This is an automated email from the ASF dual-hosted git repository.
stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new d9bcee929e7 HADOOP-19289. Upgrade to protobuf-java 3.25.5 (#7072)
d9bcee929e7 is described below
commit d9bcee929e78f42489bf9f867b89a10aa7300de3
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Mon Jan 27 12:38:24 2025 +0100
HADOOP-19289. Upgrade to protobuf-java 3.25.5 (#7072)
Addresses CVE-2024-7254
Contributed by PJ Fanning
---
LICENSE-binary | 2 +-
hadoop-project/pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 45e756a2ecf..8f3754267b0 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -395,7 +395,7 @@
hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/static/d3-3.5.17.min.js
leveldb v1.13
com.google.protobuf:protobuf-java:2.5.0
-com.google.protobuf:protobuf-java:3.25.3
+com.google.protobuf:protobuf-java:3.25.5
com.google.re2j:re2j:1.1
com.jcraft:jsch:0.1.55
com.thoughtworks.paranamer:paranamer:2.3
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 30fa86808de..4384ebffcc5 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -93,7 +93,7 @@
<!-- Protobuf scope in other modules which explicitly import the libarary
-->
<transient.protobuf2.scope>${common.protobuf2.scope}</transient.protobuf2.scope>
<!-- ProtocolBuffer version, actually used in Hadoop -->
- <hadoop.protobuf.version>3.23.4</hadoop.protobuf.version>
+ <hadoop.protobuf.version>3.25.5</hadoop.protobuf.version>
<protoc.path>${env.HADOOP_PROTOC_PATH}</protoc.path>
<hadoop-thirdparty.version>1.3.0</hadoop-thirdparty.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org
