raydp icon indicating copy to clipboard operation
raydp copied to clipboard

Published 20 hours ago verified publisher icon oap-project

Fix security issue of protobuf < 3.19.5

Open jiafuzha opened this issue 1 year ago • 0 comments

There is a security issue report, https://github.com/oap-project/raydp/security/dependabot/6.

Package protobuf

Affected versions >= 3.19.0, < 3.19.5

Patched version 3.19.5

 protobuf-cpp and protobuf-python have potential Denial of Service issue

To fix it, we limit protobuf > 3.19.5 and <= 3.20.3

jiafuzha avatar Apr 18 '23 08:04 jiafuzha