ORC-1943: Add com.google.protobuf.use_unsafe_pre22_gencode to Surefire testing#2305
Closed
dongjoon-hyun wants to merge 1 commit intoapache:mainfrom
Closed
ORC-1943: Add com.google.protobuf.use_unsafe_pre22_gencode to Surefire testing#2305dongjoon-hyun wants to merge 1 commit intoapache:mainfrom
com.google.protobuf.use_unsafe_pre22_gencode to Surefire testing#2305dongjoon-hyun wants to merge 1 commit intoapache:mainfrom
Conversation
dongjoon-hyun
added a commit
that referenced
this pull request
Jun 30, 2025
…ire testing ### What changes were proposed in this pull request? This PR aims to add `com.google.protobuf.use_unsafe_pre22_gencode` to Surefire testing. ### Why are the changes needed? To suppress the following warnings during testing which occurs since ORC-1934 - #2246 ``` [INFO] Running org.apache.orc.impl.TestZlib Jun 30, 2025 2:50:15 PM com.google.protobuf.GeneratedMessage warnPre22Gencode WARNING: Vulnerable protobuf generated type in use: org.apache.orc.OrcProto$PostScript As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf gencode. If you are seeing this message, your gencode is vulnerable to a denial of service attack. You should regenerate your code using protobuf 25.6 or later. Use the latest version that meets your needs. However, if you understand the risks and wish to continue with vulnerable gencode, you can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line to silence this warning. You also can set `-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error instead. See security vulnerability: GHSA-h4h5-3hr4-j3g2 ``` ### How was this patch tested? Manual tests because this is a warning log message. ### Was this patch authored or co-authored using generative AI tooling? No. Closes #2305 from dongjoon-hyun/ORC-1943. Authored-by: Dongjoon Hyun <dongjoon@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit 88aaab5) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
dongjoon-hyun
pushed a commit
to apache/orc-format
that referenced
this pull request
Aug 13, 2025
### What changes were proposed in this pull request? This PR aims to fix the mismatch between protoc and protobuf in orc-format module. ### Why are the changes needed? Using ORC 2.1.3, `protobuf.GeneratedMessage` will output some warning information. apache/orc#2305 ### How was this patch tested? local test After regenerating orc-format, no warning. This closes #29
dongjoon-hyun
pushed a commit
to apache/orc-format
that referenced
this pull request
Aug 13, 2025
This PR aims to fix the mismatch between protoc and protobuf in orc-format module. Using ORC 2.1.3, `protobuf.GeneratedMessage` will output some warning information. apache/orc#2305 local test After regenerating orc-format, no warning. This closes #29 (cherry picked from commit 654dd3f) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
dongjoon-hyun
pushed a commit
to apache/orc-format
that referenced
this pull request
Aug 13, 2025
### What changes were proposed in this pull request? This PR aims to fix the mismatch between protoc and protobuf in orc-format module. ### Why are the changes needed? Using ORC 2.1.3, `protobuf.GeneratedMessage` will output some warning information. apache/orc#2305 ### How was this patch tested? local test After regenerating orc-format, no warning. This closes #29 (cherry picked from commit 654dd3f) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
This PR aims to add
com.google.protobuf.use_unsafe_pre22_gencodeto Surefire testing.Why are the changes needed?
To suppress the following warnings during testing which occurs since ORC-1934
protobuf-javato 3.25.8 #2246How was this patch tested?
Manual tests because this is a warning log message.
Was this patch authored or co-authored using generative AI tooling?
No.