[Security] Upgrade protobuf to 3.16.1 to address CVE-2021-22569 (#13695)
### Motivation
- protobuf < 3.16.1 contains DoS vulnerability CVE-2021-22569, https://nvd.nist.gov/vuln/detail/CVE-2021-22569.
### Modifications
- upgrade protobuf from 3.11.4 to 3.16.1
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index b2c1da4..07b43e4 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -548,8 +548,8 @@
Protocol Buffers License
* Protocol Buffers
- - com.google.protobuf-protobuf-java-3.11.4.jar -- licenses/LICENSE-protobuf.txt
- - com.google.protobuf-protobuf-java-util-3.11.4.jar -- licenses/LICENSE-protobuf.txt
+ - com.google.protobuf-protobuf-java-3.16.1.jar -- licenses/LICENSE-protobuf.txt
+ - com.google.protobuf-protobuf-java-util-3.16.1.jar -- licenses/LICENSE-protobuf.txt
CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
* Java Annotations API
diff --git a/pom.xml b/pom.xml
index c7bb69e..b53d2c8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,7 @@
<puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
<dockerfile-maven.version>1.4.13</dockerfile-maven.version>
<typetools.version>0.5.0</typetools.version>
- <protobuf3.version>3.11.4</protobuf3.version>
+ <protobuf3.version>3.16.1</protobuf3.version>
<protoc3.version>${protobuf3.version}</protoc3.version>
<grpc.version>1.33.0</grpc.version>
<perfmark.version>0.19.0</perfmark.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 69c387b..ed9d018 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -460,7 +460,7 @@
Protocol Buffers License
* Protocol Buffers
- - protobuf-java-3.11.4.jar
+ - protobuf-java-3.16.1.jar
BSD 3-clause "New" or "Revised" License
* RE2J TD -- re2j-td-1.4.jar
