lhotari opened a new issue, #23341: URL: https://github.com/apache/pulsar/issues/23341
### Search before asking - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Read release policy - [X] I understand that unsupported versions don't get bug fixes. I will attempt to reproduce the issue on a supported version of Pulsar client and Pulsar broker. ### Version Pulsar 3.0.x, 3.3.x and master branch ### Minimal reproduce step protobuf-java needs to be upgraded to 3.25.5 to address CVE-2024-7254 ### What did you expect to see? Pulsar dependencies shouldn't contain known high or critical level CVEs. ### What did you see instead? CVE-2024-7254 is categorized high although it's not a threat for Pulsar users in practice. ### Anything else? _No response_ ### Are you willing to submit a PR? - [X] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
