[
https://issues.apache.org/jira/browse/KUDU-3494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Serbin resolved KUDU-3494.
---------------------------------
Resolution: Fixed
Thank you for reporting the issue, [~coheigea]!
The upcoming Kudu 1.17.0 release should contain [the
fix|https://github.com/apache/kudu/commit/5cc5e2029af6c375bb1b2aac8c1d25f400150ea6].
As for 1.16.1, [the fix has been back-ported into the 1.16.x branch of the
git
repo|https://github.com/apache/kudu/commit/1487dabe41418ff8f8aeadf35ad81f18d08c0c38],
but at this point it's not yet clear when maintenance release 1.16.1 of Kudu
is going to be happen.
> Protobuf CVE CVE-2022-3510
> --------------------------
>
> Key: KUDU-3494
> URL: https://issues.apache.org/jira/browse/KUDU-3494
> Project: Kudu
> Issue Type: Bug
> Affects Versions: 1.16.0
> Reporter: Colm O hEigeartaigh
> Priority: Major
> Fix For: 1.17.0, 1.16.1
>
>
> There is a CVE in protobuf 3.19.3
> [https://github.com/apache/kudu/blob/5659541d15c5490d25ca207c4f63b249986fbfe6/java/gradle/dependencies.gradle#L54]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-3509]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-3510]
> Please update to 3.19.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
