-
Notifications
You must be signed in to change notification settings - Fork 466
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
protobuf-java vulnerability #1384
Comments
👀 We are also trying to resolve this vulnerability in amazon-kinesis-client. Any releases coming soon? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am using version 2.6.0 of
amazon-kinesis-client
which which depends on version 3.21.12 ofprotobuf-java
which has a security issue:I see that in your default branch, you have bumped
protobuf-java
to 4.27.0 (which doesn't have the security issue). Do you intend to create a release ofamazon-kinesis-client
with this change soon?If not, how safe is it for us to exclude the dependency on
protobuf-java
? How is it used byamazon-kinesis-client
?The text was updated successfully, but these errors were encountered: