You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@avro.apache.org by ie...@apache.org on 2019/02/06 08:40:16 UTC

[avro] branch master updated: [AVRO-2314] Bump protobuf to 3.6.1

This is an automated email from the ASF dual-hosted git repository.

iemejia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/avro.git


The following commit(s) were added to refs/heads/master by this push:
     new 6b5963d  [AVRO-2314] Bump protobuf to 3.6.1
6b5963d is described below

commit 6b5963d64e8c339c5266b6b14c707ea9cb10f8fa
Author: Fokko Driesprong <fo...@godatadriven.com>
AuthorDate: Tue Feb 5 23:38:51 2019 +0100

    [AVRO-2314] Bump protobuf to 3.6.1
    
    There is an outstanding CVE on 3.4.0+
    https://ossindex.sonatype.org/vuln/d47d20ab-eb2a-4cfd-8064-bbf6283649cb
---
 lang/java/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lang/java/pom.xml b/lang/java/pom.xml
index 4f5b600..28d1fe6 100644
--- a/lang/java/pom.xml
+++ b/lang/java/pom.xml
@@ -44,7 +44,7 @@
     <jopt-simple.version>5.0.4</jopt-simple.version>
     <junit.version>4.12</junit.version>
     <netty.version>3.10.6.Final</netty.version>
-    <protobuf.version>2.6.1</protobuf.version>
+    <protobuf.version>3.6.1</protobuf.version>
     <thrift.version>0.11.0</thrift.version>
     <slf4j.version>1.7.25</slf4j.version>
     <snappy.version>1.1.7.2</snappy.version>