[HIVE-27845] Upgrade protobuf to 3.24.4 to fix CVEs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0
Component/s: None
Labels:
- pull-request-available
- pull_request_available

Description

Current protobuf-java(3.21.3) has the following CVE

Direct vulnerabilities:
CVE-2022-3510
CVE-2022-3509
CVE-2022-3171

Vulnerabilities from dependencies:
CVE-2023-2976
CVE-2020-8908

Attachments

Issue Links

causes

HIVE-28123 Add Generated Protobuf code for 3.24.4 Upgrade

Closed

fixes

HIVE-28269 Please have regular releases of hive and its docker image

Open

links to

GitHub Pull Request #5065

GitHub Pull Request #5082

Activity

People

Assignee:: tanishqchugh

Reporter:: Akshat Mathur

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Nov/23 05:43

Updated:: 05/Jun/24 04:09

Resolved:: 27/Feb/24 09:11