[
https://issues.apache.org/jira/browse/KUDU-3629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902502#comment-17902502
]
ASF subversion and git services commented on KUDU-3629:
-------------------------------------------------------
Commit 402b89afc3d075b513411712dafe4de5a404dfc3 in kudu's branch
refs/heads/branch-1.18.x from Alexey Serbin
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=402b89afc ]
[java] upgrade protobuf from 3.21.12 to 3.25.5
This is to address at least CVE-2024-7254 and make security scanners
happier. More information on the vulnerability is available at [1].
This is to address KUDU-3629, at least partially.
[1] https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8
Change-Id: I65012cc999d30cee3bb8389b3b94945d4992c11d
Reviewed-on: http://gerrit.cloudera.org:8080/22137
Reviewed-by: Zoltan Chovan <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
Reviewed-by: Abhishek Chennaka <[email protected]>
(cherry picked from commit 150ec7ff541ec142f378440d8f844d9e9d500876)
Reviewed-on: http://gerrit.cloudera.org:8080/22153
Reviewed-by: Alexey Serbin <[email protected]>
> 2 high CVEs in kudu-client
> --------------------------
>
> Key: KUDU-3629
> URL: https://issues.apache.org/jira/browse/KUDU-3629
> Project: Kudu
> Issue Type: Bug
> Components: client
> Affects Versions: 1.17.0
> Reporter: Mateusz Gajewski
> Priority: Major
>
> There are outdated protobuf and netty libraries being shaded in kudu-client
> 1.17.1 which cannot be updated. Using the `unshaded` artifact isn't an option as
> it doesn't ship the compiled protobuf classes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)