Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-19289

upgrade to protobuf-java 3.25.5 due to CVE-2024-7254

    XMLWordPrintableJSON

Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • common

    Description

      https://github.com/advisories/GHSA-735f-pc8j-v9w8

      Presumably protobuf encoded messages in Hadoop come from trusted sources but it is still useful to upgrade the jar.

      Attachments

        Activity

          People

            Unassigned Unassigned
            fanningpj PJ Fanning
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 0.5h
                0.5h