Posted to commits@bookkeeper.apache.org by "lhotari (via GitHub)" <gi...@apache.org> on 2023/06/19 07:52:26 UTC
[GitHub] [bookkeeper] lhotari opened a new pull request, #3992: Upgrade grpc and protobuf to address CVE-2023-32732
lhotari opened a new pull request, #3992:
URL: https://github.com/apache/bookkeeper/pull/3992
### Motivation
OWASP dependency check fails because of CVE-2023-32732 in grpc.
### Changes
* Upgrade grpc to 1.56.0
* Upgrade protobuf to 3.22.3 to match the version used in grpc 1.56.0
* Upgrade other grpc/protobuf related libs
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] lhotari commented on pull request #3992: Upgrade grpc and protobuf to address CVE-2023-32732
Posted by "lhotari (via GitHub)" <gi...@apache.org>.
lhotari commented on PR #3992:
URL: https://github.com/apache/bookkeeper/pull/3992#issuecomment-1599189869
#3997 contains the fix for the binary compatibility; it is necessary to merge that too.
[GitHub] [bookkeeper] lhotari commented on pull request #3992: Upgrade grpc and protobuf to address CVE-2023-32732
Posted by "lhotari (via GitHub)" <gi...@apache.org>.
lhotari commented on PR #3992:
URL: https://github.com/apache/bookkeeper/pull/3992#issuecomment-1599179431
I think I found a solution. I'll send a PR.
[GitHub] [bookkeeper] zymap merged pull request #3992: Upgrade grpc and protobuf to address CVE-2023-32732
Posted by "zymap (via GitHub)" <gi...@apache.org>.
zymap merged PR #3992:
URL: https://github.com/apache/bookkeeper/pull/3992
[GitHub] [bookkeeper] lhotari commented on pull request #3992: Upgrade grpc and protobuf to address CVE-2023-32732
Posted by "lhotari (via GitHub)" <gi...@apache.org>.
lhotari commented on PR #3992:
URL: https://github.com/apache/bookkeeper/pull/3992#issuecomment-1599171432
Unfortunately there seems to be a breaking change in grpc-java at this location https://github.com/grpc/grpc-java/commit/fcb5c54e4b82d354f42ced0121928fabce9ef53f#r118953940 .
This showed up in https://github.com/apache/pulsar/pull/20602#issuecomment-1599141505 .
Do we have backwards compatibility tests for the BK client?