Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update protobuf-java dependency in graphql-java-support/pom.xml to the latest version #141

Closed
sefi18 opened this issue Feb 2, 2022 · 2 comments
Closed

Update protobuf-java dependency in graphql-java-support/pom.xml to the latest version #141

sefi18 opened this issue Feb 2, 2022 · 2 comments

Comments

@sefi18
Copy link

sefi18 commented Feb 2, 2022

The currently used version of protobuf-java is 3.9, which has a reported CVE issue:

https://cloud.google.com/support/bulletins#gcp-2022-001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569

Even if this has no attack vectors here it cause alerts in scanning tools like Whitesource.

Expectation:
Please update to the latest version (version 3.19.3 at the time of writing).
@sefi18
Copy link
Author

sefi18 commented Feb 2, 2022

Oh, there seems to be already a pending pull request for this issue...
#135

@martinbonnin
Copy link
Contributor

Thanks! We'll include that in next release, most probably next week!

@sefi18 sefi18 closed this as completed Apr 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinbonnin @sefi18