As I understand it, reproduction details will be made available in the next 30 days.
On Thu, Jan 6, 2022 at 10:01 AM Marc Gravell <marc.grav...@gmail.com> wrote: > I notice that the advisory is scant on details at the moment; is there any > mechanism for non-Google protobuf library authors to request additional > details to see whether our own implementations may be vulnerable to the > attack? Thanks > > On Thu, 6 Jan 2022 at 17:15, 'Derek Perez' via Protocol Buffers < > protobuf@googlegroups.com> wrote: > >> Hello everyone, >> >> If you are using protobuf-java, Kotlin, or our JRuby gem >> (google-protobuf), please update to our latest release, published yesterday. >> More information about this advisory can be found here: >> >> https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67 >> >> Thanks! >> - Derek on behalf of the Protobuf Team >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Protocol Buffers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to protobuf+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/protobuf/CAJGs%2BiKxiTSGxh872Rh7sv1pzGENX53WaHfGQnSoRzJROoApSA%40mail.gmail.com >> <https://groups.google.com/d/msgid/protobuf/CAJGs%2BiKxiTSGxh872Rh7sv1pzGENX53WaHfGQnSoRzJROoApSA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Regards, > > Marc > -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to protobuf+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/CAJGs%2BiJkuNQ8H4jFZBsETm%2B0K6QPVpQiyZmN-tKFahDWHMmE%3Dg%40mail.gmail.com.
