[
https://issues.apache.org/jira/browse/TEZ-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shilun Fan updated TEZ-4552:
----------------------------
Description:
I found that there are 3 CVE issues that we need to deal with. These CVE issues
are related to protobuf. Our protobuf uses 3.21.1, which is an old version.
This PR will try to upgrade the protobuf version to solve the CVE issue.
* [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
* [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
* [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]
> Upgrade protobuf to 3.24.4 due to CVE.
> --------------------------------------
>
> Key: TEZ-4552
> URL: https://issues.apache.org/jira/browse/TEZ-4552
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: Shilun Fan
> Assignee: Shilun Fan
> Priority: Major
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> I found that there are 3 CVE issues that we need to deal with. These CVE
> issues are related to protobuf. Our protobuf uses 3.21.1, which is an old
> version. This PR will try to upgrade the protobuf version to solve the CVE
> issue.
> *
> [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
> *
> [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
> *
> [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
