[jira] [Commented] (HIVE-27845) Upgrade protobuf to 3.24.4 to fix CVEs

Ayush Saxena (Jira) Tue, 27 Feb 2024 01:14:57 -0800


    [ 
https://issues.apache.org/jira/browse/HIVE-27845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17821082#comment-17821082
 ]


Ayush Saxena commented on HIVE-27845:
-------------------------------------

Committed to master.

Thanx [~tanishqchugh] for the contribution & others for the reviews!!!

> Upgrade protobuf to 3.24.4 to fix CVEs
> --------------------------------------
>
>                 Key: HIVE-27845
>                 URL: https://issues.apache.org/jira/browse/HIVE-27845
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Akshat Mathur
>            Assignee: tanishqchugh
>            Priority: Major
>              Labels: pull-request-available, pull_request_available
>
> Current protobuf-java(3.21.3) has the following CVE
> Direct vulnerabilities:
> [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]
> [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
> [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
> Vulnerabilities from dependencies:
> [CVE-2023-2976|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976]
> [CVE-2020-8908|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (HIVE-27845) Upgrade protobuf to 3.24.4 to fix CVEs

Reply via email to