hvub opened a new issue, #44770: URL: https://github.com/apache/arrow/issues/44770
### Describe the enhancement requested Regarding Apache Arrow dependency to com.google.protobuf:protobuf-java-util https://github.com/apache/arrow/blob/main/java/pom.xml#L101 Please consider updating the dependency to 3.25.5 to address CVE-2024-7254 cf. https://www.cve.org/CVERecord?id=CVE-2024-7254 https://vulert.com/vuln-db/CVE-2024-7254 https://ogma.in/understanding-cve-2024-7254-vulnerability-in-protocol-buffers-and-mitigation-strategies ### Component(s) Java -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@arrow.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
