I've created https://github.com/apache/pulsar/issues/23341 to track the work to
address CVE-2024-7254.
-Lari
On 2024/09/23 11:56:50 Lari Hotari wrote:
Protobuf contains a new high-level CVE, described in
https://github.com/advisories/GHSA-735f-pc8j-v9w8.
The problem in Pulsar is that Protobuf cannot be upgraded unless it's first
upgraded in Bookkeeper. I have made a PR to the Bookkeeper master branch:
https://github.com/apache/bookkeeper/pull
I did some further investigation about decoupling gRPC & Protobuf library
versions between Pulsar & Bookkeeper. Updates in the bookkeeper dev mailing
list thread:
https://lists.apache.org/thread/ph8rzt96lbdcwnz3300x60nk1cv64lrn
-Lari
On 2023/12/14 18:47:53 Lari Hotari wrote:
Hi all,
I have started a thread on d...@bookkeeper.apache.org about gRPC & Protobuf
library upgrades.
You can follow and contribute to the discussion on this thread:
https://lists.apache.org/thread/odg7p617zwqjngq6fk6qf8xfzbfwgfgq
Looking forward to your valuable input.
-Lari