Skip to content

ORC-1943: Add com.google.protobuf.use_unsafe_pre22_gencode to Surefire testing #2305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dongjoon-hyun wants to merge 1 commit into from
Closed

ORC-1943: Add com.google.protobuf.use_unsafe_pre22_gencode to Surefire testing #2305

dongjoon-hyun wants to merge 1 commit into from

Conversation

@dongjoon-hyun
Copy link
Member

@dongjoon-hyun dongjoon-hyun commented Jun 30, 2025
edited
Loading

What changes were proposed in this pull request?

This PR aims to add com.google.protobuf.use_unsafe_pre22_gencode to Surefire testing.

Why are the changes needed?

To suppress the following warnings during testing which occurs since ORC-1934

[INFO] Running org.apache.orc.impl.TestZlib
Jun 30, 2025 2:50:15 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
WARNING: Vulnerable protobuf generated type in use: org.apache.orc.OrcProto$PostScript
As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf gencode. If you are seeing this message, your gencode is vulnerable to a denial of service attack. You should regenerate your code using protobuf 25.6 or later. Use the latest version that meets your needs. However, if you understand the risks and wish to continue with vulnerable gencode, you can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line to silence this warning. You also can set `-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error instead. See security vulnerability: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2

How was this patch tested?

Manual tests because this is a warning log message.

Was this patch authored or co-authored using generative AI tooling?

No.

@dongjoon-hyun dongjoon-hyun added this to the 2.1.3 milestone Jun 30, 2025
dongjoon-hyun added a commit that referenced this pull request Jun 30, 2025
@dongjoon-hyun
ORC-1943: Add com.google.protobuf.use_unsafe_pre22_gencode to Suref…
28e001b 
…ire testing

### What changes were proposed in this pull request?

This PR aims to add `com.google.protobuf.use_unsafe_pre22_gencode` to Surefire testing.

### Why are the changes needed?

To suppress the following warnings during testing which occurs since ORC-1934
- #2246

```
[INFO] Running org.apache.orc.impl.TestZlib
Jun 30, 2025 2:50:15 PM com.google.protobuf.GeneratedMessage warnPre22Gencode
WARNING: Vulnerable protobuf generated type in use: org.apache.orc.OrcProto$PostScript
As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf gencode. If you are seeing this message, your gencode is vulnerable to a denial of service attack. You should regenerate your code using protobuf 25.6 or later. Use the latest version that meets your needs. However, if you understand the risks and wish to continue with vulnerable gencode, you can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line to silence this warning. You also can set `-Dcom.google.protobuf.error_on_unsafe_pre22_gencode` to throw an error instead. See security vulnerability: GHSA-h4h5-3hr4-j3g2
```

### How was this patch tested?

Manual tests because this is a warning log message.

### Was this patch authored or co-authored using generative AI tooling?

No.

Closes #2305 from dongjoon-hyun/ORC-1943.

Authored-by: Dongjoon Hyun <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
(cherry picked from commit 88aaab5)
Signed-off-by: Dongjoon Hyun <[email protected]>
@dongjoon-hyun dongjoon-hyun mentioned this pull request Jun 30, 2025
Closed
@cxzl25 cxzl25 mentioned this pull request Jul 14, 2025
Merged
dongjoon-hyun pushed a commit to apache/orc-format that referenced this pull request Aug 13, 2025
@cxzl25
ORC-FORMAT-29: Upgrade protoc and protobuf-java to 3.25.8
654dd3f 
### What changes were proposed in this pull request?

This PR aims to fix the mismatch between protoc and protobuf in orc-format module.

### Why are the changes needed?

Using ORC 2.1.3, `protobuf.GeneratedMessage` will output some warning information.

apache/orc#2305

### How was this patch tested?
local test

After regenerating orc-format, no warning.

This closes #29
dongjoon-hyun pushed a commit to apache/orc-format that referenced this pull request Aug 13, 2025
@cxzl25 @dongjoon-hyun
ORC-FORMAT-29: Upgrade protoc and protobuf-java to 3.25.8
2e13d8c 
This PR aims to fix the mismatch between protoc and protobuf in orc-format module.

Using ORC 2.1.3, `protobuf.GeneratedMessage` will output some warning information.

apache/orc#2305

local test

After regenerating orc-format, no warning.

This closes #29

(cherry picked from commit 654dd3f)
Signed-off-by: Dongjoon Hyun <[email protected]>
dongjoon-hyun pushed a commit to apache/orc-format that referenced this pull request Aug 13, 2025
@cxzl25 @dongjoon-hyun
ORC-FORMAT-29: Upgrade protoc and protobuf-java to 3.25.8
f8dcf9e 
### What changes were proposed in this pull request?

This PR aims to fix the mismatch between protoc and protobuf in orc-format module.

### Why are the changes needed?

Using ORC 2.1.3, `protobuf.GeneratedMessage` will output some warning information.

apache/orc#2305

### How was this patch tested?
local test

After regenerating orc-format, no warning.

This closes #29

(cherry picked from commit 654dd3f)
Signed-off-by: Dongjoon Hyun <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

BUILD JAVA

Projects

None yet

Milestone

2.1.3

Development

Successfully merging this pull request may close these issues.

1 participant

@dongjoon-hyun