[ https://issues.apache.org/jira/browse/KUDU-3494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17745941#comment-17745941 ]
ASF subversion and git services commented on KUDU-3494: ------------------------------------------------------- Commit 1487dabe41418ff8f8aeadf35ad81f18d08c0c38 in kudu's branch refs/heads/branch-1.16.x from Alexey Serbin [ https://gitbox.apache.org/repos/asf?p=kudu.git;h=1487dabe4 ] KUDU-3494 upgrade protobuf up to 3.21.12 This is to address a vulnerability in protobuf 3.19.3 [1][2] [1] https://nvd.nist.gov/vuln/detail/CVE-2022-3509 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-3510 Change-Id: I4a7c69e3eeae1afbddccb2867ecd40e04807a139 Reviewed-on: http://gerrit.cloudera.org:8080/20233 Tested-by: Kudu Jenkins Reviewed-by: Yingchun Lai <laiyingc...@apache.org> (cherry picked from commit 68009e8ab4c685ac90309ed010301ca97d961a83) Reviewed-on: http://gerrit.cloudera.org:8080/20245 Tested-by: Yingchun Lai <laiyingc...@apache.org> > Protobuf CVE CVE-2022-3510 > -------------------------- > > Key: KUDU-3494 > URL: https://issues.apache.org/jira/browse/KUDU-3494 > Project: Kudu > Issue Type: Bug > Affects Versions: 1.16.0 > Reporter: Colm O hEigeartaigh > Priority: Major > Fix For: 1.17.0, 1.16.1 > > > There is a CVE in protobuf 3.19.3 > [https://github.com/apache/kudu/blob/5659541d15c5490d25ca207c4f63b249986fbfe6/java/gradle/dependencies.gradle#L54] > [https://nvd.nist.gov/vuln/detail/CVE-2022-3509] > [https://nvd.nist.gov/vuln/detail/CVE-2022-3510] > Please update to 3.19.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)