[ https://issues.apache.org/jira/browse/HBASE-26746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17493469#comment-17493469 ]

Andrew Kyle Purtell commented on HBASE-26746:
---------------------------------------------

I have an internal fork of protobuf 2.5 where I fixed the only applicable CVE 
for the Java library, CVE-2021-22569. If you want it, here it is: 
[^0001-CVE-2021-22569-Improve-performance-of-parsing-unknow.patch] 
I don't think we have cause to build/ship a patched protobuf v2, though, unless 
for branch-1.... 

> Update protobuf-java to 3.19.4
> ------------------------------
>
>                 Key: HBASE-26746
>                 URL: https://issues.apache.org/jira/browse/HBASE-26746
>             Project: HBase
>          Issue Type: Bug
>          Components: Protobufs, thirdparty
>            Reporter: Pankaj Kumar
>            Assignee: Sean Busbey
>            Priority: Minor
>         Attachments: 
> 0001-CVE-2021-22569-Improve-performance-of-parsing-unknow.patch
>
>
> Refer,
> https://nvd.nist.gov/vuln/detail/CVE-2021-22569



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
