Craig W created HADOOP-18848:
--------------------------------
Summary: Upgrade protobuf to 3.15.0 or newer
Key: HADOOP-18848
URL: https://issues.apache.org/jira/browse/HADOOP-18848
Project: Hadoop Common
Issue Type: Improvement
Components: hadoop-thirdparty
Affects Versions: 3.3.6, 3.3.5
Reporter: Craig W
Hadoop includes a shaded version of protobuf-java (currently uses protobuf-java
3.7.1), however,
[CVE-2021-22570|https://nvd.nist.gov/vuln/detail/CVE-2021-22570] is a HIGH
vulnerability that can be fixed by upgrading to protobuf-java 3.15.0.
Please consider upgrading hadoop-shaded-protobuf to this newer version.
Relates to HADOOP-13363 and HADOOP-16821
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
