Posted to commits@uniffle.apache.org by xi...@apache.org on 2023/01/19 02:45:43 UTC
[incubator-uniffle] branch master updated: [Deps] Bump protobuf to 3.19.6 to address vulnerability (#499)
This is an automated email from the ASF dual-hosted git repository.
xianjin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-uniffle.git
The following commit(s) were added to refs/heads/master by this push:
new b7c599de [Deps] Bump protobuf to 3.19.6 to address vulnerability (#499)
b7c599de is described below
commit b7c599de99dd4d4a41e31519ccc474467bc7ef6c
Author: Kaijie Chen <ck...@apache.org>
AuthorDate: Thu Jan 19 10:45:37 2023 +0800
[Deps] Bump protobuf to 3.19.6 to address vulnerability (#499)
### What changes were proposed in this pull request?
Bump com.google.protobuf:protoc to 3.19.6
### Why are the changes needed?
* CVE-2022-3171 7.5 Uncontrolled Resource Consumption vulnerability with medium severity found
* CVE-2022-3509 7.5 Uncontrolled Resource Consumption vulnerability with medium severity found
* CVE-2022-3510 7.5 Uncontrolled Resource Consumption vulnerability with medium severity found
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Existing CI.
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2ff3f877..7bcd792b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -67,7 +67,7 @@
<picocli.version>4.5.2</picocli.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<prometheus.simpleclient.version>0.9.0</prometheus.simpleclient.version>
- <protobuf.version>3.19.2</protobuf.version>
+ <protobuf.version>3.19.6</protobuf.version>
<roaring.bitmap.version>0.9.15</roaring.bitmap.version>
<rss.shade.packageName>org.apache.uniffle</rss.shade.packageName>
<skipDeploy>false</skipDeploy>
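Review bot: At the `<protobuf.version>` line, the commit message names only `com.google.protobuf:protoc`, but the hunk changes a shared version property and does not show which artifacts consume it. The cited CVEs are resource-consumption issues, so the fix matters for whichever protobuf runtime artifacts the build ships, not only the compiler plugin. Please list in the message the artifacts that reference `protobuf.version`, and confirm with `mvn dependency:tree` that no module or transitive dependency still resolves an older protobuf. The `rss.shade.packageName` property in the context lines suggests shading is in use; if protobuf is bundled into shaded jars, those need to be rebuilt against 3.19.6 as well. "Existing CI" shows the bump is compatible, not that the older version is gone from the resolved dependency set.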