[
https://issues.apache.org/jira/browse/KUDU-3629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901571#comment-17901571
]
Alexey Serbin commented on KUDU-3629:
-------------------------------------
Thanks a lot for the clarification and the details.
I posted the following patches for review. The idea is to cherry-pick them
into the upcoming Kudu 1.18.0 release (in progress).
There might be a chance to get those in the maintenance release of 1.17.2, but
it's a question whether we are about to have 1.17.2 released.
* https://gerrit.cloudera.org/#/c/22136/
* https://gerrit.cloudera.org/#/c/22137/
> 2 high CVEs in kudu-client
> --------------------------
>
> Key: KUDU-3629
> URL: https://issues.apache.org/jira/browse/KUDU-3629
> Project: Kudu
> Issue Type: Bug
> Components: client
> Affects Versions: 1.17.0
> Reporter: Mateusz Gajewski
> Priority: Major
>
> There are outdated protobuf and netty libraries being shaded in kudu-client
> 1.17.1 which cannot be updated. Using `unshaded` artifact isn't an option as
> it doesn't ship the compiled protobuf classes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
