[
https://issues.apache.org/jira/browse/HADOOP-17679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776477#comment-17776477
]
Colm O hEigeartaigh commented on HADOOP-17679:
----------------------------------------------
Note we have many CVEs in protobuf 3.7.1:
{code:java}
protobuf-java 3.7.1 java-archive
CVE-2021-22569 Medium
protobuf-java 3.7.1 java-archive
CVE-2021-22570 Medium
protobuf-java 3.7.1 java-archive
CVE-2022-3171 High
protobuf-java 3.7.1 3.15.0 java-archive
GHSA-77rm-9x9h-xj3g High
protobuf-java 3.7.1 3.16.1 java-archive
GHSA-wrvw-hg22-4m67 High
protobuf-java 3.7.1 3.16.3 java-archive
GHSA-4gg5-vx3j-xwc7 High
protobuf-java 3.7.1 3.16.3 java-archive
GHSA-g5ww-5jh7-63cx High
protobuf-java 3.7.1 3.16.3 java-archive
GHSA-h4h5-3hr4-j3g2 Medium {code}
> Upgrade Protobuf from 3.7.1 to 3.17.3
> -------------------------------------
>
> Key: HADOOP-17679
> URL: https://issues.apache.org/jira/browse/HADOOP-17679
> Project: Hadoop Common
> Issue Type: Improvement
> Components: build
> Affects Versions: 3.3.0
> Reporter: Igor Dvorzhak
> Assignee: Igor Dvorzhak
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Protobuf 3.17.0 is the latest Protobuf release now.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
