You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@bigtop.apache.org by "Masatake Iwasaki (Jira)" <ji...@apache.org> on 2022/04/21 06:34:00 UTC

[jira] [Created] (BIGTOP-3671) Add a patch for CVE-2021-22569 to bigtop_toolchain

Masatake Iwasaki created BIGTOP-3671:
----------------------------------------

             Summary: Add a patch for CVE-2021-22569 to bigtop_toolchain
                 Key: BIGTOP-3671
                 URL: https://issues.apache.org/jira/browse/BIGTOP-3671
             Project: Bigtop
          Issue Type: Bug
          Components: toolchain
            Reporter: Masatake Iwasaki
            Assignee: Masatake Iwasaki


[PR#9371 of protobuf|https://github.com/protocolbuffers/protobuf/pull/9371] is the fix for vulnerability of protobuf-java. [~apurtell] provided us a backported patch for protobuf-2.5.0. Users can locally install patched protobuf-java from the source code set up by bigtop_toolchain (under /usr/src/protobuf-2.5.0/java) for their own build.

Using patched protobuf-java for packaging is out of the scope of this issue. We are using only protoc and protobuf-java is pulled from public Maven repos now. It may be addressed in follow-up JIRAs.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)