[jira] [Created] (HADOOP-18848) Upgrade protobuf to 3.15.0 or newer

Craig W (Jira) Fri, 11 Aug 2023 10:13:42 -0700

Craig W created HADOOP-18848:
--------------------------------

             Summary: Upgrade protobuf to 3.15.0 or newer
                 Key: HADOOP-18848
                 URL: https://issues.apache.org/jira/browse/HADOOP-18848
             Project: Hadoop Common
          Issue Type: Improvement
          Components: hadoop-thirdparty
    Affects Versions: 3.3.6, 3.3.5
            Reporter: Craig W



Hadoop includes a shaded version of protobuf-java (currently uses protobuf-java 
3.7.1), however, 
[CVE-2021-22570|https://nvd.nist.gov/vuln/detail/CVE-2021-22570] is a HIGH 
vulnerability that can be fixed by upgrading to protobuf-java 3.15.0.

Please consider upgrading hadoop-shaded-protobuf to this newer version.

 

Relates to HADOOP-13363 and HADOOP-16821



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-18848) Upgrade protobuf to 3.15.0 or newer

Reply via email to