[ https://issues.apache.org/jira/browse/HDDS-14116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tsz-wo Sze resolved HDDS-14116.
-------------------------------
    Resolution: Invalid

After regenerating the protos, the warnings disappeared.

> Vulnerable protobuf generated type in use
> -----------------------------------------
>
>                 Key: HDDS-14116
>                 URL: https://issues.apache.org/jira/browse/HDDS-14116
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Tsz-wo Sze
>            Priority: Major
>
> There are a lot of warnings as below:
> {code}
> Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
> WARNING: Vulnerable protobuf generated type in use: 
> org.apache.hadoop.ipc_.protobuf.RpcHeaderProtos$RpcRequestHeaderProto
> As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called 
> from protobuf gencode. If you are seeing this message, your gencode is 
> vulnerable to a denial of service attack. You should regenerate your code 
> using protobuf 25.6 or later. Use the latest version that meets your needs. 
> However, if you understand the risks and wish to continue with vulnerable 
> gencode, you can set the system property 
> `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line to 
> silence this warning. You also can set 
> `-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error 
> instead. See security vulnerability: 
> https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
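
Added example, not part of the original message or of Ozone's code: a Python triage script that lists which generated classes trigger the warning quoted above, grouped by outer class, so the stale gencode that needs regenerating can be identified. The sample log is constructed (the `com.example.demo` types are hypothetical), and it assumes the class name follows the marker on the same line or on the next non-empty line, as in the quoted log.

```python
import re
from collections import Counter

MARKER = "Vulnerable protobuf generated type in use:"
# Java binary class name such as pkg.Outer$Inner (at least one dot).
CLASS_RE = re.compile(r"^[A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)+$")

# Constructed sample: the first type is the one in the quoted log, the
# com.example.demo types are hypothetical. One line keeps a "> " quote prefix.
SAMPLE_LOG = """\
Dec 09, 2025 7:03:41 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
WARNING: Vulnerable protobuf generated type in use:
org.apache.hadoop.ipc_.protobuf.RpcHeaderProtos$RpcRequestHeaderProto
As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called
Dec 09, 2025 7:03:42 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
WARNING: Vulnerable protobuf generated type in use: com.example.demo.DemoProtos$Ping
Dec 09, 2025 7:03:43 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
> WARNING: Vulnerable protobuf generated type in use: com.example.demo.DemoProtos$Pong
"""


def vulnerable_types(log_text):
    """Count warnings per generated class named after MARKER."""
    lines = [ln.lstrip("> ").strip() for ln in log_text.splitlines()]
    counts = Counter()
    for i, line in enumerate(lines):
        pos = line.find(MARKER)
        if pos == -1:
            continue
        candidate = line[pos + len(MARKER):].strip()
        if not candidate:
            # Wrapped output: the class is on the next non-empty line.
            candidate = next((ln for ln in lines[i + 1:] if ln), "")
        if CLASS_RE.match(candidate):  # skip truncated or unrelated text
            counts[candidate] += 1
    return counts


def by_outer_class(counts):
    """Group nested message names under the outer class (text before '$')."""
    grouped = {}
    for name in counts:
        outer, _, nested = name.partition("$")
        grouped.setdefault(outer, []).append(nested or "(top-level)")
    return {outer: sorted(names) for outer, names in grouped.items()}


if __name__ == "__main__":
    for outer, nested in by_outer_class(vulnerable_types(SAMPLE_LOG)).items():
        print(outer, "->", ", ".join(nested))
```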
