This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch branch-1.18.x
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/branch-1.18.x by this push:
new 402b89afc [java] upgrade protobuf from 3.21.12 to 3.25.5
402b89afc is described below
commit 402b89afc3d075b513411712dafe4de5a404dfc3
Author: Alexey Serbin <[email protected]>
AuthorDate: Thu Nov 28 20:52:14 2024 -0800
[java] upgrade protobuf from 3.21.12 to 3.25.5
This is to address at least CVE-2024-7254 and make security scanners
happier. More information on the vulnerability is available at [1].
This is to address KUDU-3629, at least partially.
[1]
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8
Change-Id: I65012cc999d30cee3bb8389b3b94945d4992c11d
Reviewed-on: http://gerrit.cloudera.org:8080/22137
Reviewed-by: Zoltan Chovan <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
Reviewed-by: Abhishek Chennaka <[email protected]>
(cherry picked from commit 150ec7ff541ec142f378440d8f844d9e9d500876)
Reviewed-on: http://gerrit.cloudera.org:8080/22153
Reviewed-by: Alexey Serbin <[email protected]>
---
java/gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index eb2254816..d0015dd4b 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -52,7 +52,7 @@ versions += [
murmur : "1.0.0",
netty : "4.1.115.Final",
osdetector : "1.6.2",
- protobuf : "3.21.12",
+ protobuf : "3.25.5",
ranger : "2.1.0",
scala211 : "2.11.12",
scala : "2.12.15",
