[
https://issues.apache.org/jira/browse/ORC-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
William Hyun closed ORC-1212.
-----------------------------
> Upgrade protobuf-java to 3.17.3
> -------------------------------
>
> Key: ORC-1212
> URL: https://issues.apache.org/jira/browse/ORC-1212
> Project: ORC
> Issue Type: Bug
> Affects Versions: 1.8.0, 1.6.14, 1.7.5
> Reporter: Eugene Shinn (Truveta)
> Assignee: Dongjoon Hyun
> Priority: Critical
> Labels: releasenotes
> Fix For: 1.8.0
>
>
> Our static analysis software has detected that ORC uses [email protected],
> which is vulnerable to
> [CVE-2021-22569|https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67].
> ORC should be upgraded to a version that is 3.16.1+, which is the lowest
> non-vulnerable verison.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
