You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by "Sruthi Mooriyathvariam (Jira)" <ji...@apache.org> on 2022/05/01 06:05:00 UTC
[jira] [Comment Edited] (TEZ-4410) Upgrade protobuf-java version to 3.16.1 to resolve the security compliance issue CVE-2021-22569
[ https://issues.apache.org/jira/browse/TEZ-4410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17530488#comment-17530488 ]
Sruthi Mooriyathvariam edited comment on TEZ-4410 at 5/1/22 6:04 AM:
---------------------------------------------------------------------
[~abstractdog] , Thanks for your comment.
I see that the Jira: TEZ-4363 is upgrading the protobuf version to 3.19.4 and I guess the vulnerability [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569] would be handled with this change as the problem was with version 2.5.0.
Thus closing this ticket as its duplicate.
was (Author: warriersruthi):
[~abstractdog] , I see that the Jira: TEZ-4363 is upgrading the protobuf version to 3.19.4 and I guess the vulnerability [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569] would be handled with this change as the problem was with version 2.5.0.
Thus closing this ticket as its duplicate.
> Upgrade protobuf-java version to 3.16.1 to resolve the security compliance issue CVE-2021-22569
> -----------------------------------------------------------------------------------------------
>
> Key: TEZ-4410
> URL: https://issues.apache.org/jira/browse/TEZ-4410
> Project: Apache Tez
> Issue Type: Task
> Reporter: Sruthi Mooriyathvariam
> Priority: Minor
>
> Link: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569]
--
This message was sent by Atlassian Jira
(v8.20.7#820007)