Hello everyone,
If you are using protobuf-java, protobuf-javalite, protobuf-kotlin,
protobuf-kotlin-lite, or our Jruby gem (google-protobuf), please update to
our latest releases, published Sept 18:
- 4.28.2
- 4.27.5
- 3.25.5
More information about this advisory can be found here:
https
Hello everyone,
If you are using protobuf-java, protobuf-javalite, protobuf-kotlin,
protobuf-kotlin-lite, or our Jruby gem (google-protobuf), please update to
our latest releases, published Sept 29:
- 3.21.7
- 3.20.3
- 3.19.6
- 3.16.3
More information about this advisory can be found
As I understand it, reproduction details will be made available in the next
30 days.
On Thu, Jan 6, 2022 at 10:01 AM Marc Gravell wrote:
> I notice that the advisory is scant on details at the moment; is there any
> mechanism for non-Google protobuf library authors to request additional
> detail
I notice that the advisory is scant on details at the moment; is there any
mechanism for non-Google protobuf library authors to request additional
details to see whether our own implementations may be vulnerable to the
attack? Thanks
On Thu, 6 Jan 2022 at 17:15, 'Derek Perez' via Protocol Buffers
Hello everyone,
If you are using protobuf-java, Kotlin, or our JRuby gem (google-protobuf),
please update to our latest release, published yesterday.
More information about this advisory can be found here:
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
Thanks!
