You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/01/20 15:56:31 UTC

[GitHub] [pulsar] fmiguelez opened a new issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237

fmiguelez opened a new issue #9250:
URL: https://github.com/apache/pulsar/issues/9250


   Libraries of Protobuf versions used in both broker (protobuf-shaded:2.1.0-incubating, shaded of protobuf-java:2.4.1) and client (protobuf-javanano:3.0.0-alpha-5) are affected by high risk vulnerability [CVE-2015-5237](https://nvd.nist.gov/vuln/detail/CVE-2015-5237)
   
   This vulnerability is solved by Protobuf version 3.4.0. This dependency should be upgraded in both broker and client.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] codelipenghui closed issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237

Posted by GitBox <gi...@apache.org>.

codelipenghui closed issue #9250:
URL: https://github.com/apache/pulsar/issues/9250


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] merlimat commented on issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237

Posted by GitBox <gi...@apache.org>.

merlimat commented on issue #9250:
URL: https://github.com/apache/pulsar/issues/9250#issuecomment-763785373


   This is already fixed in #9046 and will be released in 2.8.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org