You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by "Sruthi Mooriyathvariam (Jira)" <ji...@apache.org> on 2022/05/01 06:05:00 UTC

[jira] [Comment Edited] (TEZ-4410) Upgrade protobuf-java version to 3.16.1 to resolve the security compliance issue CVE-2021-22569

    [ https://issues.apache.org/jira/browse/TEZ-4410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17530488#comment-17530488 ] 

Sruthi Mooriyathvariam edited comment on TEZ-4410 at 5/1/22 6:04 AM:
---------------------------------------------------------------------

[~abstractdog] , Thanks for your comment. 
I see that the Jira: TEZ-4363 is upgrading the protobuf version to 3.19.4 and I guess the vulnerability [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569] would be handled with this change as the problem was with version 2.5.0. 
Thus closing this ticket as its duplicate.


was (Author: warriersruthi):
[~abstractdog] , I see that the Jira: TEZ-4363 is upgrading the protobuf version to 3.19.4 and I guess the vulnerability [CVE-2021-22569|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569] would be handled with this change as the problem was with version 2.5.0. 
Thus closing this ticket as its duplicate.

> Upgrade protobuf-java version to 3.16.1 to resolve the security compliance issue CVE-2021-22569
> -----------------------------------------------------------------------------------------------
>
>                 Key: TEZ-4410
>                 URL: https://issues.apache.org/jira/browse/TEZ-4410
>             Project: Apache Tez
>          Issue Type: Task
>            Reporter: Sruthi Mooriyathvariam
>            Priority: Minor
>
> Link: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569]



--
This message was sent by Atlassian Jira
(v8.20.7#820007)