From ae7c487628c7addc695f41d886b4fa5551d198fb Mon Sep 17 00:00:00 2001 From: Lari Hotari Date: Mon, 10 Jan 2022 22:15:22 +0200 Subject: [PATCH] [Security] Upgrade protobuf to 3.16.1 to address CVE-2021-22569 --- distribution/server/src/assemble/LICENSE.bin.txt | 4 ++-- pom.xml | 2 +- pulsar-sql/presto-distribution/LICENSE | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index b2c1da45aeadd..07b43e4ab2a52 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -548,8 +548,8 @@ MIT License Protocol Buffers License * Protocol Buffers - - com.google.protobuf-protobuf-java-3.11.4.jar -- licenses/LICENSE-protobuf.txt - - com.google.protobuf-protobuf-java-util-3.11.4.jar -- licenses/LICENSE-protobuf.txt + - com.google.protobuf-protobuf-java-3.16.1.jar -- licenses/LICENSE-protobuf.txt + - com.google.protobuf-protobuf-java-util-3.16.1.jar -- licenses/LICENSE-protobuf.txt CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt * Java Annotations API diff --git a/pom.xml b/pom.xml index c7bb69efc4e45..b53d2c84f2196 100644 --- a/pom.xml +++ b/pom.xml @@ -129,7 +129,7 @@ flexible messaging model and an intuitive client API. 8.37 1.4.13 0.5.0 - 3.11.4 + 3.16.1 ${protobuf3.version} 1.33.0 0.19.0 diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 69c387bb5c53b..ed9d018647fff 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -460,7 +460,7 @@ The Apache Software License, Version 2.0 Protocol Buffers License * Protocol Buffers - - protobuf-java-3.11.4.jar + - protobuf-java-3.16.1.jar BSD 3-clause "New" or "Revised" License * RE2J TD -- re2j-td-1.4.jar