I notice that the advisory is scant on details at the moment; is there any mechanism for non-Google protobuf library authors to request additional details to see whether our own implementations may be vulnerable to the attack? Thanks
On Thu, 6 Jan 2022 at 17:15, 'Derek Perez' via Protocol Buffers < [email protected]> wrote: > Hello everyone, > > If you are using protobuf-java, Kotlin, or our JRuby gem > (google-protobuf), please update to our latest release, published yesterday. > More information about this advisory can be found here: > > https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67 > > Thanks! > - Derek on behalf of the Protobuf Team > > -- > You received this message because you are subscribed to the Google Groups > "Protocol Buffers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/protobuf/CAJGs%2BiKxiTSGxh872Rh7sv1pzGENX53WaHfGQnSoRzJROoApSA%40mail.gmail.com > <https://groups.google.com/d/msgid/protobuf/CAJGs%2BiKxiTSGxh872Rh7sv1pzGENX53WaHfGQnSoRzJROoApSA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Regards, Marc -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/CAF95VAz5KHj224JJyC1H%2BxncoUSV72snGJSW9gQb5wi1pZ_ofw%40mail.gmail.com.
