[Security] Upgrade protobuf to 3.16.1 to address CVE-2021-22569 (apac…

…he#13695) - protobuf < 3.16.1 contains DoS vulnerability CVE-2021-22569, https://nvd.nist.gov/vuln/detail/CVE-2021-22569. - upgrade protobuf from 3.11.4 to 3.16.1 (cherry picked from commit 1a3688c)
datastax · Jan 11, 2022 · 23693c9 · 23693c9
1 parent c28ad1f
commit 23693c9
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -556,8 +556,8 @@ MIT License
 
 Protocol Buffers License
  * Protocol Buffers
-   - com.google.protobuf-protobuf-java-3.11.4.jar -- licenses/LICENSE-protobuf.txt
-   - com.google.protobuf-protobuf-java-util-3.11.4.jar -- licenses/LICENSE-protobuf.txt
+   - com.google.protobuf-protobuf-java-3.16.1.jar -- licenses/LICENSE-protobuf.txt
+   - com.google.protobuf-protobuf-java-util-3.16.1.jar -- licenses/LICENSE-protobuf.txt
 
 CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
  * Java Annotations API

diff --git a/pom.xml b/pom.xml
@@ -128,7 +128,7 @@ flexible messaging model and an intuitive client API.</description>
     <dockerfile-maven.version>1.4.13</dockerfile-maven.version>
     <typetools.version>0.5.0</typetools.version>
     <protobuf2.version>2.4.1</protobuf2.version>
-    <protobuf3.version>3.11.4</protobuf3.version>
+    <protobuf3.version>3.16.1</protobuf3.version>
     <protoc3.version>${protobuf3.version}</protoc3.version>
     <grpc.version>1.33.0</grpc.version>
     <perfmark.version>0.19.0</perfmark.version>

diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
@@ -473,8 +473,8 @@ The Apache Software License, Version 2.0
 
 Protocol Buffers License
  * Protocol Buffers
-   - protobuf-java-3.11.4.jar
-   - protobuf-java-util-3.11.4.jar
+   - protobuf-java-3.16.1.jar
+   - protobuf-java-util-3.16.1.jar
 
 BSD 3-clause "New" or "Revised" License
   *  RE2J TD -- re2j-td-1.4.jar