As I understand it, reproduction details will be made available in the next 30 days.
On Thu, Jan 6, 2022 at 10:01 AM Marc Gravell <[email protected]> wrote: > I notice that the advisory is scant on details at the moment; is there any > mechanism for non-Google protobuf library authors to request additional > details to see whether our own implementations may be vulnerable to the > attack? Thanks > > On Thu, 6 Jan 2022 at 17:15, 'Derek Perez' via Protocol Buffers < > [email protected]> wrote: > >> Hello everyone, >> >> If you are using protobuf-java, Kotlin, or our JRuby gem >> (google-protobuf), please update to our latest release, published yesterday. >> More information about this advisory can be found here: >> >> https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67 >> >> Thanks! >> - Derek on behalf of the Protobuf Team >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Protocol Buffers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/protobuf/CAJGs%2BiKxiTSGxh872Rh7sv1pzGENX53WaHfGQnSoRzJROoApSA%40mail.gmail.com >> <https://groups.google.com/d/msgid/protobuf/CAJGs%2BiKxiTSGxh872Rh7sv1pzGENX53WaHfGQnSoRzJROoApSA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Regards, > > Marc > -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/CAJGs%2BiJkuNQ8H4jFZBsETm%2B0K6QPVpQiyZmN-tKFahDWHMmE%3Dg%40mail.gmail.com.
