Masatake Iwasaki created BIGTOP-3671:
----------------------------------------
Summary: Add a patch for CVE-2021-22569 to bigtop_toolchain
Key: BIGTOP-3671
URL: https://issues.apache.org/jira/browse/BIGTOP-3671
Project: Bigtop
Issue Type: Bug
Components: toolchain
Reporter: Masatake Iwasaki
Assignee: Masatake Iwasaki

[PR#9371 of protobuf|https://github.com/protocolbuffers/protobuf/pull/9371] is
the fix for a vulnerability in protobuf-java. [~apurtell] provided us with a
backported patch for protobuf-2.5.0. Users can locally install patched
protobuf-java from the source code set up by bigtop_toolchain (under
/usr/src/protobuf-2.5.0/java) for their own build.

Using patched protobuf-java for packaging is out of the scope of this issue. We
are using only protoc, and protobuf-java is pulled from public Maven repos now.
It may be addressed in follow-up JIRAs.