upgrade protobuf-java dependencies due to CVEs #222
Milestone
Comments
pjfanning
changed the title
|
Thanks @pjfanning for working on Pekko connectors. I see #230 PR is merged, thus can this issue be closed? As it is the last open issue for 1.0.0 milestone, when could we expect the connectors release to maven repo? |
|
closing as #230 is done @rafalmag Releases in the ASF take a while because they require votes. This is best followed at https://lists.apache.org/list.html?dev@pekko.apache.org The TLDR is that the Pekko Connectors release could happen tonight but it should happen soon. See in particular, these mail threads: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Google BigQuery Storage and Google Pub/Sub gRPC connectors use protobuf-java due to the gRPC libs they use. The version of the gRPC libs we use is a bit old and defaults to protobuf-java 3.21.1. This version has CVEs. Let's use 3.21.12 instead (latest 3.21.x release as of Aug 2023).
The text was updated successfully, but these errors were encountered: