[jira] [Commented] (HBASE-26746) Update protobuf-java to 3.19.4
[ https://issues.apache.org/jira/browse/HBASE-26746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17494861#comment-17494861 ] Andrew Kyle Purtell commented on HBASE-26746: - Merged PR to master, picked to branch-3. > Update protobuf-java to 3.19.4 > -- > > Key: HBASE-26746 > URL: https://issues.apache.org/jira/browse/HBASE-26746 > Project: HBase > Issue Type: Bug > Components: Protobufs, thirdparty >Reporter: Pankaj Kumar >Assignee: Sean Busbey >Priority: Minor > Fix For: hbase-thirdparty-3.5.2, hbase-thirdparty-4.0.2 > > Attachments: > 0001-CVE-2021-22569-Improve-performance-of-parsing-unknow.patch > > > Refer, > https://nvd.nist.gov/vuln/detail/CVE-2021-22569 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (HBASE-26746) Update protobuf-java to 3.19.4
[ https://issues.apache.org/jira/browse/HBASE-26746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17493469#comment-17493469 ] Andrew Kyle Purtell commented on HBASE-26746: - I have an internal fork of protobuf 2.5 where I fixed the only applicable CVE for the java library, CVE-2021-22569. If you want it here it is: [^0001-CVE-2021-22569-Improve-performance-of-parsing-unknow.patch] I don't think we have cause to build/ship a patched protobuf v2, though, unless for branch-1 > Update protobuf-java to 3.19.4 > -- > > Key: HBASE-26746 > URL: https://issues.apache.org/jira/browse/HBASE-26746 > Project: HBase > Issue Type: Bug > Components: Protobufs, thirdparty >Reporter: Pankaj Kumar >Assignee: Sean Busbey >Priority: Minor > Attachments: > 0001-CVE-2021-22569-Improve-performance-of-parsing-unknow.patch > > > Refer, > https://nvd.nist.gov/vuln/detail/CVE-2021-22569 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (HBASE-26746) Update protobuf-java to 3.19.4
[ https://issues.apache.org/jira/browse/HBASE-26746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17489717#comment-17489717 ] Pankaj Kumar commented on HBASE-26746: -- Got it.. > Update protobuf-java to 3.19.4 > -- > > Key: HBASE-26746 > URL: https://issues.apache.org/jira/browse/HBASE-26746 > Project: HBase > Issue Type: Bug > Components: Protobufs, thirdparty >Reporter: Pankaj Kumar >Assignee: Sean Busbey >Priority: Minor > > Refer, > https://nvd.nist.gov/vuln/detail/CVE-2021-22569 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (HBASE-26746) Update protobuf-java to 3.19.4
[ https://issues.apache.org/jira/browse/HBASE-26746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17489607#comment-17489607 ] Sean Busbey commented on HBASE-26746: - the external protobuf version is the one present for compatibility for e.g. deployed coprocessors. unless there's a fix in protobuf 2 we won't see that version get updated. > Update protobuf-java to 3.19.4 > -- > > Key: HBASE-26746 > URL: https://issues.apache.org/jira/browse/HBASE-26746 > Project: HBase > Issue Type: Bug > Components: Protobufs, thirdparty >Reporter: Pankaj Kumar >Assignee: Sean Busbey >Priority: Minor > > Refer, > https://nvd.nist.gov/vuln/detail/CVE-2021-22569 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (HBASE-26746) Update protobuf-java to 3.19.4
[ https://issues.apache.org/jira/browse/HBASE-26746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17489237#comment-17489237 ] Pankaj Kumar commented on HBASE-26746: -- This issue is applicable for branch-2 as well where we have depependecy, see . > Update protobuf-java to 3.19.4 > -- > > Key: HBASE-26746 > URL: https://issues.apache.org/jira/browse/HBASE-26746 > Project: HBase > Issue Type: Bug > Components: Protobufs, thirdparty >Reporter: Pankaj Kumar >Assignee: Sean Busbey >Priority: Minor > > Refer, > https://nvd.nist.gov/vuln/detail/CVE-2021-22569 -- This message was sent by Atlassian Jira (v8.20.1#820001)