How to adapt Protobuf-java 3.9.1 version to address the CVE-2022-3509 vulnerability

[lixiaoshuai666]

Using the fix for 3.21.7 will cause the unit tests to fail on 3.9.1.

Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.

How can this issue be fixed in version 3.9.1?

[lixiaoshuai666]

@mkruskal-google
Using the fix for 3.21.7 will cause the unit tests to fail on 3.9.1.

Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.

How can this issue be fixed in version 3.9.1?

[jguamie]

Can you please update to at least 3.25? You are referring to unsupported versions here.