[jira] [Commented] (KUDU-3629) 2 high CVEs in kudu-client

Manfred Moser (Jira) Wed, 27 Nov 2024 09:57:40 -0800


    [ 
https://issues.apache.org/jira/browse/KUDU-3629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901554#comment-17901554
 ]


Manfred Moser commented on KUDU-3629:
-------------------------------------

This affects Trino and any other application using the client and introduces 
these CVEs into security scans of these applications .. obviously thats rather 
bad. 

> 2 high CVEs in kudu-client
> --------------------------
>
>                 Key: KUDU-3629
>                 URL: https://issues.apache.org/jira/browse/KUDU-3629
>             Project: Kudu
>          Issue Type: Bug
>          Components: client
>    Affects Versions: 1.17.0
>            Reporter: Mateusz Gajewski
>            Priority: Major
>
> There are outdated protobuf and netty libraries being shaded in kudu-client 
> 1.17.1 which cannot be updated. Using `unshaded` artifact isn't an option as 
> it doesn't ship the compiled protobuf classes.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KUDU-3629) 2 high CVEs in kudu-client

Reply via email to