[ https://issues.apache.org/jira/browse/HADOOP-17679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776477#comment-17776477 ]
Colm O hEigeartaigh commented on HADOOP-17679: ---------------------------------------------- Note we have many CVEs in protobuf 3.7.1: {code:java} protobuf-java 3.7.1 java-archive CVE-2021-22569 Medium protobuf-java 3.7.1 java-archive CVE-2021-22570 Medium protobuf-java 3.7.1 java-archive CVE-2022-3171 High protobuf-java 3.7.1 3.15.0 java-archive GHSA-77rm-9x9h-xj3g High protobuf-java 3.7.1 3.16.1 java-archive GHSA-wrvw-hg22-4m67 High protobuf-java 3.7.1 3.16.3 java-archive GHSA-4gg5-vx3j-xwc7 High protobuf-java 3.7.1 3.16.3 java-archive GHSA-g5ww-5jh7-63cx High protobuf-java 3.7.1 3.16.3 java-archive GHSA-h4h5-3hr4-j3g2 Medium {code} > Upgrade Protobuf from 3.7.1 to 3.17.3 > ------------------------------------- > > Key: HADOOP-17679 > URL: https://issues.apache.org/jira/browse/HADOOP-17679 > Project: Hadoop Common > Issue Type: Improvement > Components: build > Affects Versions: 3.3.0 > Reporter: Igor Dvorzhak > Assignee: Igor Dvorzhak > Priority: Major > Labels: pull-request-available > Time Spent: 1h 20m > Remaining Estimate: 0h > > Protobuf 3.17.0 is the latest Protobuf release now. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org