slachiewicz opened a new pull request, #5784:
URL: https://github.com/apache/hudi/pull/5784
## What is the purpose of the pull request
Upgrade Protobuf to latest available version
## Brief change log
- Upgrade Protobuf to 3.21.1 to support project compilation on macOS M1
(aarm64).
-
[CVE-2021-22569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569)
High - CVSS Score: 7.5, An implementation weakness in how unknown fields are
parsed in Java. A small (~800 KB) malicious payload can occupy the parser for
several minutes by creating large numbers of short-lived objects that cause
frequent, repeated GC pauses.
## Verify this pull request
This pull request is already covered by existing tests
## Committer checklist
- [X] Has a corresponding JIRA in PR title & commit
- [X] Commit message is descriptive of the change
- [ ] CI is green
- [ ] Necessary doc changes done or have another open PR
- [ ] For large changes, please consider breaking it into sub-tasks under
an umbrella JIRA.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
