If we are going to do a new third-party JAR can someone do the protobuf update too?
my last incomplete attempt can be taken up by others https://github.com/apache/hadoop-thirdparty/pull/19 https://github.com/apache/hadoop/pull/4418/files I have too many other direct commitments to see this through, though I do want to get the bit where protobuf-2.5.0 returns to being a "provided" dependency rather than mandatory https://github.com/apache/hadoop/pull/4996 On Tue, 8 Aug 2023 at 18:00, Wei-Chiu Chuang (Jira) <j...@apache.org> wrote: > Wei-Chiu Chuang created HADOOP-18843: > ---------------------------------------- > > Summary: Guava version 32.0.1 bump to fix CVE-2023-2976 > (hadoop-thirdparty PR#23) > Key: HADOOP-18843 > URL: https://issues.apache.org/jira/browse/HADOOP-18843 > Project: Hadoop Common > Issue Type: Task > Reporter: Wei-Chiu Chuang > > > Create the corresponding jira for hadoop-thirdparty PR#23. > > > > -- > This message was sent by Atlassian Jira > (v8.20.10#820010) > > --------------------------------------------------------------------- > To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org > For additional commands, e-mail: common-dev-h...@hadoop.apache.org > >
