Uploaded image for project: 'ORC'
  1. ORC
  2. ORC-1212

Upgrade protobuf-java to 3.17.3

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 1.8.0, 1.6.14, 1.7.5
    • 1.8.0
    • None

    Description

      Our static analysis software has detected that ORC uses protobuf-java@2.5.0, which is vulnerable to CVE-2021-22569. ORC should be upgraded to a version that is 3.16.1+, which is the lowest non-vulnerable verison. 

      Attachments

        Issue Links

          Activity

            People

              dongjoon Dongjoon Hyun
              ess-truveta Eugene Shinn (Truveta)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: