Protobuf versions prior to 3.21.7 suffer from CVE-2022-3171 <https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2>. Notably, the fix requires regenerating code, so make sure your protoc version is upgraded and you verify important dependencies have rebuilt their generated code. See their advisory for the fixed versions of protobuf.
gRPC 1.48.2 and 1.49.2 regenerate protobuf code that gRPC publishes, like those in grpc-services. You are encouraged to upgrade. Patch releases for 1.36 and 1.41-1.47 are upcoming. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CA%2B4M1oP94RmYSoVi_kajDHwAzwaEMPchBJBdnf1aCdCtZRBjSw%40mail.gmail.com.
smime.p7s
Description: S/MIME Cryptographic Signature
