[GitHub] [pulsar] RobertIndie commented on a diff in pull request #21057: Bump GRPC version to 1.53.0 to fix CVE

via GitHub Thu, 24 Aug 2023 02:04:17 -0700


RobertIndie commented on code in PR #21057:
URL: https://github.com/apache/pulsar/pull/21057#discussion_r1304030389



##########
pom.xml:
##########
@@ -164,7 +164,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <typetools.version>0.5.0</typetools.version>
     <protobuf3.version>3.19.6</protobuf3.version>
     <protoc3.version>${protobuf3.version}</protoc3.version>
-    <grpc.version>1.45.1</grpc.version>
+    <grpc.version>1.53.0</grpc.version>

Review Comment:
   Looks like we need to upgrade to 1.55.0 to address this CVE: 
https://nvd.nist.gov/vuln/detail/CVE-2023-32731



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [pulsar] RobertIndie commented on a diff in pull request #21057: Bump GRPC version to 1.53.0 to fix CVE

Reply via email to