This repository has been archived by the owner on Mar 3, 2023. It is now read-only.

Upgrade protobuf to 3.16.1 CVE-2021-22569 #3797

Merged
merged 4 commits into from
Mar 25, 2022


thinker0
Member

@thinker0 thinker0 commented Mar 24, 2022

Upgrade protobuf to 3.16.1 to address DoS vulnerability CVE-2021-22569: https://nvd.nist.gov/vuln/detail/CVE-2021-22569

./docker/scripts/test-unittest.sh darwin 0.20.5
INFO: Elapsed time: 1564.655s, Critical Path: 302.52s
INFO: 6146 processes: 2443 internal, 3703 local.
INFO: Build completed successfully, 6146 total actions
Test cases: finished with 1189 passing and 0 failing out of 1189 test cases

Executed 247 out of 247 tests: 247 tests pass.
INFO: Build completed successfully, 6146 total actions
Cleaning up scratch dir

Work

[v] python protobuf
[v] java protobuf
[v] centos7 Test

@thinker0 thinker0 changed the title from "Upgrade protobuf to 3.16.1 to address CVE-2021-22569" to "Upgrade protobuf to 3.16.1 CVE-2021-22569" Mar 24, 2022
@thinker0 thinker0 marked this pull request as draft March 24, 2022 09:11
(cherry picked from commit 52ed112)
Member

@surahman surahman left a comment

@thinker0 incredible work getting all these PRs pushed through.

Update protobuf-java-3.16.1 of Java
@thinker0
Member Author

[v] python protobuf
[v] java protobuf
[v] centos7 Test

@thinker0 thinker0 marked this pull request as ready for review March 25, 2022 11:15
@joshfischer1108
Member

Nice work, @thinker0. +1

@joshfischer1108 joshfischer1108 merged commit bcaa38d into apache:master Mar 25, 2022
@thinker0 thinker0 deleted the feature/fix-protobuf branch March 26, 2022 02:25