Tsz-wo Sze created HDDS-14116:
---------------------------------
Summary: Vulnerable protobuf generated type in use
Key: HDDS-14116
URL: https://issues.apache.org/jira/browse/HDDS-14116
Project: Apache Ozone
Issue Type: New Feature
Reporter: Tsz-wo Sze
There are a lot of warnings as below:
{code}
Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
WARNING: Vulnerable protobuf generated type in use:
org.apache.hadoop.ipc_.protobuf.RpcHeaderProtos$RpcRequestHeaderProto
As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called
from protobuf gencode. If you are seeing this message, your gencode is
vulnerable to a denial of service attack. You should regenerate your code using
protobuf 25.6 or later. Use the latest version that meets your needs. However,
if you understand the risks and wish to continue with vulnerable gencode, you
can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on
the command line to silence this warning. You also can set
`-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error
instead. See security vulnerability:
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
