[
https://issues.apache.org/jira/browse/NIFI-13413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17855986#comment-17855986
]
David Handermann commented on NIFI-13413:
-----------------------------------------
Thanks for the reply [~jrsteinebrey], going for more selective upgrades sounds
like the best approach.
Of note, CVE-2021-22569 applies to protobuf 2.5.0, but it does not apply to
protobuf 3.25.3. Version 2.5.0 is a transitive dependency in the HBase 2 and
Iceberg modules, unrelated to nifi-protobuf-services. Unfortunately, upgrading
protobuf 2.5.0 will likely involve addressing the usage of other dependencies,
as opposed to protobuf 2.5.0 itself.
> Dependency upgrades for proto-buf-java 3.25.3 -> 4.27.1
> -------------------------------------------------------
>
> Key: NIFI-13413
> URL: https://issues.apache.org/jira/browse/NIFI-13413
> Project: Apache NiFi
> Issue Type: Task
> Components: Extensions
> Affects Versions: 1.26.0, 2.0.0-M3
> Reporter: Jim Steinebrey
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
