[ https://issues.apache.org/jira/browse/KUDU-3629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901556#comment-17901556 ]
Alexey Serbin commented on KUDU-3629:
-------------------------------------
{quote}
This affects Trino and any other application using the client and introduces
these CVEs into security scans of these applications .. obviously that's rather
bad.
{quote}
Thanks for the report.
What are 'these CVEs'? Could you please be more specific and provide CVE
numbers?
Also, the original description mentions kudu-client of 1.17.1, but the affected
version for this JIRA item is shown as 1.17.0. Could you please clarify on
that as well?
> 2 high CVEs in kudu-client
> --------------------------
>
> Key: KUDU-3629
> URL: https://issues.apache.org/jira/browse/KUDU-3629
> Project: Kudu
> Issue Type: Bug
> Components: client
> Affects Versions: 1.17.0
> Reporter: Mateusz Gajewski
> Priority: Major
>
> There are outdated protobuf and netty libraries being shaded in kudu-client
> 1.17.1 which cannot be updated. Using `unshaded` artifact isn't an option as
> it doesn't ship the compiled protobuf classes.