[close #542] update protobuf version to 3.16.1 #539
Signed-off-by: marsishandsome <marsishandsome@gmail.com>
/run-all-tests
Codecov Report
@@ Coverage Diff @@
## master #539 +/- ##
============================================
- Coverage 32.01% 31.95% -0.06%
- Complexity 1310 1313 +3
============================================
Files 278 278
Lines 17344 17344
Branches 1975 1975
============================================
- Hits 5552 5542 -10
- Misses 11170 11181 +11
+ Partials 622 621 -1
Continue to review full report at Codecov.
What problem do you wish to solve by updating the protobuf version?
@zz-jason @iosmanthus PTAL
LGTM
LGTM
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
cherry pick to release-3.1 in PR #543
cherry pick to release-3.2 in PR #544
Signed-off-by: ti-srebot <ti-srebot@pingcap.com> Co-authored-by: Liangliang Gu <marsishandsome@gmail.com>
Signed-off-by: marsishandsome <marsishandsome@gmail.com>
What problem does this PR solve?
Issue Number: close #542
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
https://nvd.nist.gov/vuln/detail/CVE-2021-22569
What is changed and how it works?
Fix: upgrade protobuf-java from 3.12.0 to 3.16.1
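
A check that a build no longer resolves protobuf-java below the 3.16.1 this PR upgrades to, run over the text output of `mvn dependency:tree` so that a transitive copy is reported with the dependency chain that pulls it in. This is an added example, not code from this PR or the project; the sample tree and its com.example coordinates are constructed, and the version floor covers only the version named in this PR.

```python
import re

# Floor taken from this PR, which moves protobuf-java to 3.16.1.
MIN_VERSION = (3, 16, 1)
TARGET = "com.google.protobuf:protobuf-java"

# One line of `mvn dependency:tree` text output:
# "[INFO] ", a tree-drawing prefix in 3-character groups, then the coordinates.
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+:\S+)$")

# Constructed sample output (hypothetical project and dependencies).
SAMPLE_TREE = r"""[INFO] com.example:app:jar:1.0.0
[INFO] +- com.example:rpc-client:jar:2.0.0:compile
[INFO] |  +- com.example:codec:jar:1.4.0:compile
[INFO] |  |  \- com.google.protobuf:protobuf-java:jar:3.12.0:compile
[INFO] |  \- com.example:util:jar:1.0.0:compile
[INFO] \- com.example:metrics:jar:1.1.0:compile
"""


def parse_version(text):
    """Turn '3.12.0' or '3.16.1-rc1' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def find_old_protobuf(tree_text):
    """Return (version, dependency path) for each protobuf-java below MIN_VERSION."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, blank or summary line
        depth = len(m.group(1)) // 3
        fields = m.group(2).split(":")
        name = ":".join(fields[:2])
        del stack[depth:]      # drop siblings and deeper entries
        stack.append(name)     # stack now holds the path from the root
        if depth == 0 or name != TARGET:
            continue
        version = fields[-2]   # group:artifact:type[:classifier]:version:scope
        if parse_version(version) < MIN_VERSION:
            findings.append((version, " > ".join(stack)))
    return findings


if __name__ == "__main__":
    for version, path in find_old_protobuf(SAMPLE_TREE):
        print(f"protobuf-java {version} below 3.16.1 via {path}")
```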