Hadoop Common / HADOOP-18197

Update protobuf 3.7.1 to a version without CVE-2021-22569


Details

    Description

      The artifact `org.apache.hadoop:hadoop-common` brings in a dependency `com.google.protobuf:protobuf-java:2.5.0`, which is an outdated version released in 2013 and contains the vulnerability CVE-2021-22569.

      Therefore, I am requesting that you clarify whether this library version is going to be updated in the following releases.


          People

            pj.fanning PJ Fanning
            ivan.viaznikov Ivan Viaznikov
            Votes: 0
            Watchers: 14

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 2.5h
