HIVE-28577: Upgrade protobuf version to 3.25.5 to fix CVE

Open Aggarwal-Raghav opened this issue 1 year ago • 3 comments

What changes were proposed in this pull request?

Upgrading protobuf version to 3.25.5

Why are the changes needed?

To fix CVE: CVE-2024-7254 and to be in sync with TEZ (master branch) protobuf version as well.

Does this PR introduce any user-facing change?

NO

Is the change a dependency upgrade?

YES dependency_tree.txt

How was this patch tested?

Will see output of Jenkins

Aggarwal-Raghav, Oct 15 '24 07:10

For protobuf 3.25.5 generated code:

  1. Downloaded protoc 3.25.5 and set it in the classpath.
  2. Built hive project with the command: mvn clean install -DskipTests -Pitests,dist,qsplits,errorProne,protobuf -Drat.skip=true

Aggarwal-Raghav, Oct 15 '24 07:10

@ayushtkn, can you please review this?

Aggarwal-Raghav, Oct 16 '24 07:10