Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] protobuf-java version changed to 3.x #4551

Closed
tgravescs opened this issue Jan 18, 2022 · 1 comment
Closed

[BUG] protobuf-java version changed to 3.x #4551

tgravescs opened this issue Jan 18, 2022 · 1 comment
Labels
bug Something isn't working P0 Must have for release

Comments

@tgravescs
Copy link
Collaborator

Describe the bug
#4545 changed the version of protobuf-java for vulnerability. We picked up same version as Spark.
We need to make sure incrementing to a 3.x version from 2.x is ok. Pr mentions this is fixed in #4408 but that isn't until 22.04.
@tgravescs tgravescs added bug Something isn't working ? - Needs Triage Need team to review and classify P0 Must have for release labels Jan 18, 2022
@tgravescs tgravescs mentioned this issue Jan 18, 2022
Merged
@pxLi pxLi mentioned this issue Jan 20, 2022
Merged
@pxLi
Copy link
Collaborator

pxLi commented Jan 20, 2022

added CVE-2021-22569 to internal whitelist and reverted #4545

@pxLi pxLi closed this as completed Jan 20, 2022
@sameerz sameerz removed the ? - Needs Triage Need team to review and classify label Jan 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working P0 Must have for release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tgravescs @sameerz @pxLi