Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18848

Upgrade protobuf to 3.15.0 or newer

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.3.5, 3.3.6
    • None
    • hadoop-thirdparty
    • None

    Description

      Hadoop includes a shaded version of protobuf-java (currently uses protobuf-java 3.7.1), however, CVE-2021-22570 is a HIGH vulnerability that can be fixed by upgrading to protobuf-java 3.15.0.

      Please consider upgrading hadoop-shaded-protobuf to this newer version.

       

      Relates to HADOOP-13363 and HADOOP-16821

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-18197 Update protobuf 3.7.1 to a version without CVE-2021-22569

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              codecraig Craig W
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: