[ https://issues.apache.org/jira/browse/TEZ-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17843662#comment-17843662 ]
László Bodor commented on TEZ-4552: ----------------------------------- merged to master, thanks [~slfan1989] for this patch! > Upgrade protobuf to 3.24.4 due to CVE. > -------------------------------------- > > Key: TEZ-4552 > URL: https://issues.apache.org/jira/browse/TEZ-4552 > Project: Apache Tez > Issue Type: Improvement > Reporter: Shilun Fan > Assignee: Shilun Fan > Priority: Major > Fix For: 0.10.4 > > Time Spent: 2h 20m > Remaining Estimate: 0h > > I found that there are 3 CVE issues that we need to deal with. These CVE > issues are related to protobuf. Our protobuf uses 3.21.1, which is an old > version. This PR will try to upgrade the protobuf version to solve the CVE > issue. > * > [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171] > * > [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509] > * > [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510] -- This message was sent by Atlassian Jira (v8.20.10#820010)