[ https://issues.apache.org/jira/browse/KUDU-3629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902462#comment-17902462 ]

ASF subversion and git services commented on KUDU-3629:
-------------------------------------------------------
Commit 150ec7ff541ec142f378440d8f844d9e9d500876 in kudu's branch
refs/heads/master from Alexey Serbin
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=150ec7ff5 ]

[java] upgrade protobuf from 3.21.12 to 3.25.5

This is to address at least CVE-2024-7254 and make security scanners
happier. More information on the vulnerability is available at [1].

This is to address KUDU-3629, at least partially.

[1] https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8

Change-Id: I65012cc999d30cee3bb8389b3b94945d4992c11d
Reviewed-on: http://gerrit.cloudera.org:8080/22137
Reviewed-by: Zoltan Chovan <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
Reviewed-by: Abhishek Chennaka <[email protected]>

> 2 high CVEs in kudu-client
> --------------------------
>
> Key: KUDU-3629
> URL: https://issues.apache.org/jira/browse/KUDU-3629
> Project: Kudu
> Issue Type: Bug
> Components: client
> Affects Versions: 1.17.0
> Reporter: Mateusz Gajewski
> Priority: Major
>
> There are outdated protobuf and netty libraries being shaded in kudu-client
> 1.17.1 which cannot be updated. Using `unshaded` artifact isn't an option as
> it doesn't ship the compiled protobuf classes.