fmiguelez opened a new issue #9250: URL: https://github.com/apache/pulsar/issues/9250
Libraries of Protobuf versions used in both broker (protobuf-shaded:2.1.0-incubating, shaded of protobuf-java:2.4.1) and client (protobuf-javanano:3.0.0-alpha-5) are affected by high risk vulnerability [CVE-2015-5237](https://nvd.nist.gov/vuln/detail/CVE-2015-5237) This vulnerability is solved by Protobuf version 3.4.0. This dependency should be upgraded in both broker and client. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
