
HADOOP-19289. Upgrade to protobuf-java 3.25.5 (#7072)

Addresses CVE-2024-7254

Contributed by PJ Fanning
PJ Fanning 3 months ago
parent
commit
d9bcee929e
2 changed files with 2 additions and 2 deletions
  1. 1 1
      LICENSE-binary
  2. 1 1
      hadoop-project/pom.xml

+ 1 - 1
LICENSE-binary

@@ -395,7 +395,7 @@ hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/static/d3-3.5.17.min.js
 leveldb v1.13
 
 com.google.protobuf:protobuf-java:2.5.0
-com.google.protobuf:protobuf-java:3.25.3
+com.google.protobuf:protobuf-java:3.25.5
 com.google.re2j:re2j:1.1
 com.jcraft:jsch:0.1.55
 com.thoughtworks.paranamer:paranamer:2.3

+ 1 - 1
hadoop-project/pom.xml

@@ -93,7 +93,7 @@
     <!-- Protobuf scope in other modules which explicitly import the libarary -->
     <transient.protobuf2.scope>${common.protobuf2.scope}</transient.protobuf2.scope>
     <!-- ProtocolBuffer version, actually used in Hadoop -->
-    <hadoop.protobuf.version>3.23.4</hadoop.protobuf.version>
+    <hadoop.protobuf.version>3.25.5</hadoop.protobuf.version>
     <protoc.path>${env.HADOOP_PROTOC_PATH}</protoc.path>
 
     <hadoop-thirdparty.version>1.3.0</hadoop-thirdparty.version>
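Review bot: Bumping `hadoop.protobuf.version` to 3.25.5 may not cover every protobuf copy that ships. The context lines keep `hadoop-thirdparty.version` at 1.3.0, and LICENSE-binary in this same commit still lists `com.google.protobuf:protobuf-java:2.5.0`, which predates the fixed release. If hadoop-thirdparty bundles its own shaded protobuf (not visible here), this property does not change that copy, so the commit description should say which artifacts remain on older protobuf and whether CVE-2024-7254 is reachable through them. The removed lines also disagree (3.25.3 in LICENSE-binary, 3.23.4 here), so the license file was apparently not tracking the built version. A comment on the property such as `<!-- keep in sync with the protobuf-java entry in LICENSE-binary -->` would help keep the two in step.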