[
https://issues.apache.org/jira/browse/HADOOP-19791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18053950#comment-18053950
]
Shubham Kalloli commented on HADOOP-19791:
------------------------------------------
Hi Steve, thank you for responding back.
The CVE is being pulled by the GCS Jar, which brings the Netty Shaded 1.70.0.
But upgrading the dependency requires us to Protobuf and Guava, which are in
`hadoop-cloud-storage-project/hadoop-gcp/pom.xml`
Happy to raise a PR with the Guava and Protobuf either way before raising a PR
for this
> Upgrade Google Cloud Storage to remediate CVEs
> ----------------------------------------------
>
> Key: HADOOP-19791
> URL: https://issues.apache.org/jira/browse/HADOOP-19791
> Project: Hadoop Common
> Issue Type: Task
> Components: cloud-storage
> Affects Versions: 3.4.2
> Reporter: Shubham Kalloli
> Priority: Major
> Fix For: 3.5.0
>
> Attachments: report.html
>
>
> Upgrading Google Cloud Storage from 2.52.0 to 2.62.0 to remediate
> CVE-2025-55163
> Updating Guava and Protobuf to prevent conflicts
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
