You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@bookkeeper.apache.org by "zymap (via GitHub)" <gi...@apache.org> on 2023/06/25 08:34:00 UTC

[GitHub] [bookkeeper] zymap opened a new pull request, #4001: Downgrade gprc to 1.54.1

zymap opened a new pull request, #4001:
URL: https://github.com/apache/bookkeeper/pull/4001

   ---
   
   ### Motivation
   
   We upgrade grpc and protobuf to address CVE-2023-32732. But it requires the protobuf 3.22+. In protobuf 3.22.0, it introduces a breaking change. It requires all the sub-project, which depend on the bookkeeper to upgrade protobuf to 3.22.0+. It should not be acceptable in a minor release.
   
   So we use a lower version of grpc and protobuf to address the CVE issue.
   
   See more context: https://github.com/apache/bookkeeper/pull/3997
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] hangc0276 commented on pull request #4001: Downgrade grpc and protobuf to avoid introducing breaking change

Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.

hangc0276 commented on PR #4001:
URL: https://github.com/apache/bookkeeper/pull/4001#issuecomment-1606114206

   LGTM


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] zymap commented on pull request #4001: Downgrade grpc and protobuf to avoid introducing breaking change

Posted by "zymap (via GitHub)" <gi...@apache.org>.

zymap commented on PR #4001:
URL: https://github.com/apache/bookkeeper/pull/4001#issuecomment-1606071256

   https://github.com/protocolbuffers/protobuf/issues/11393 Another compatible issue with jdk8, I need to downgrade the protobuf.
   They have fixed but not released https://github.com/protocolbuffers/protobuf/pull/12036


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] zymap commented on pull request #4001: Downgrade gprc to 1.54.1

Posted by "zymap (via GitHub)" <gi...@apache.org>.

zymap commented on PR #4001:
URL: https://github.com/apache/bookkeeper/pull/4001#issuecomment-1605936349

   @lhotari PTAL, thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] zymap merged pull request #4001: [Branch-4.16] Downgrade grpc and protobuf to avoid introducing breaking change

Posted by "zymap (via GitHub)" <gi...@apache.org>.

zymap merged PR #4001:
URL: https://github.com/apache/bookkeeper/pull/4001


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org