[
https://issues.apache.org/jira/browse/HDDS-14116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tsz-wo Sze updated HDDS-14116:
------------------------------
Description:
There are a lot of warnings as below:
{code}
Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
WARNING: Vulnerable protobuf generated type in use:
org.apache.hadoop.ipc_.protobuf.RpcHeaderProtos$RpcRequestHeaderProto
As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called
from protobuf gencode. If you are seeing this message, your gencode is
vulnerable to a denial of service attack. You should regenerate your code using
protobuf 25.6 or later. Use the latest version that meets your needs. However,
if you understand the risks and wish to continue with vulnerable gencode, you
can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on
the command line to silence this warning. You also can set
`-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error
instead. See security vulnerability:
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
{code}
was:
There are a lot of warnings as below:
{code}
Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
WARNING: Vulnerable protobuf generated type in use:
org.apache.hadoop.ipc_.protobuf.RpcHeaderProtos$RpcRequestHeaderProto
As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called
from protobuf gencode. If you are seeing this message, your gencode is
vulnerable to a denial of service attack. You should regenerate your code using
protobuf 25.6 or later. Use the latest version that meets your needs. However,
if you understand the risks and wish to continue with vulnerable gencode, you
can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on
the command line to silence this warning. You also can set
`-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error
instead. See security vulnerability:
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
{code}
> Vulnerable protobuf generated type in use
> -----------------------------------------
>
> Key: HDDS-14116
> URL: https://issues.apache.org/jira/browse/HDDS-14116
> Project: Apache Ozone
> Issue Type: New Feature
> Reporter: Tsz-wo Sze
> Priority: Major
>
> There are a lot of warnings as below:
> {code}
> Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
> WARNING: Vulnerable protobuf generated type in use:
> org.apache.hadoop.ipc_.protobuf.RpcHeaderProtos$RpcRequestHeaderProto
> As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called
> from protobuf gencode. If you are seeing this message, your gencode is
> vulnerable to a denial of service attack. You should regenerate your code
> using protobuf 25.6 or later. Use the latest version that meets your needs.
> However, if you understand the risks and wish to continue with vulnerable
> gencode, you can set the system property
> `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line to
> silence this warning. You also can set
> `-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error
> instead. See security vulnerability:
> https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
