From 23de4fefa50515d39edb6152918f1db2b32bb55b Mon Sep 17 00:00:00 2001
From: TharmiganK
Date: Tue, 24 Sep 2024 16:32:59 +0530
Subject: [PATCH 1/3] Update protobuf version
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index 3483ca0122..1484723497 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -21,7 +21,7 @@ mockitoVersion=5.3.1
 gsonVersion=2.7
 lz4Version=1.3.0
 marshallingVersion=2.0.5.Final
-protobufVersion=3.20.3
+protobufVersion=3.25.5
 jacocoVersion=0.8.10
 stdlibIoVersion=1.6.0
From c04b60d991808911bf707de5e194dbd13ae46308 Mon Sep 17 00:00:00 2001
From: TharmiganK
Date: Tue, 24 Sep 2024 16:33:03 +0530
Subject: [PATCH 2/3] Update change log
---
 changelog.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/changelog.md b/changelog.md
index 4a32e80ffb..3e75449f97 100644
--- a/changelog.md
+++ b/changelog.md
@@ -5,6 +5,12 @@ This file contains all the notable changes done to the Ballerina HTTP package th
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+
+### Fixed
+
+- [Address CVE-2024-7254 vulnerability](https://github.com/ballerina-platform/ballerina-library/issues/7013)
+
 ## [2.10.15] - 2024-07-24
 ### Fixed
From c374d694712d3728756bd2198fc96cc1a60d45f7 Mon Sep 17 00:00:00 2001
From: TharmiganK
Date: Tue, 24 Sep 2024 16:33:42 +0530
Subject: [PATCH 3/3] [Automated] Update the native jar versions
---
 ballerina/Ballerina.toml | 10 +++++-----
 ballerina/CompilerPlugin.toml | 2 +-
 ballerina/Dependencies.toml | 8 ++++----
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
index 7ad5102ea7..ce9db61015 100644
--- a/ballerina/Ballerina.toml
+++ b/ballerina/Ballerina.toml
@@ -1,7 +1,7 @@
 [package]
 org = "ballerina"
 name = "http"
-version = "2.10.15"
+version = "2.10.16"
 authors = ["Ballerina"]
 keywords = ["http", "network", "service", "listener", "client"]
 repository = "https://github.com/ballerina-platform/module-ballerina-http"
@@ -16,8 +16,8 @@ graalvmCompatible = true
 [[platform.java17.dependency]]
 groupId = "io.ballerina.stdlib"
 artifactId = "http-native"
-version = "2.10.15"
-path = "../native/build/libs/http-native-2.10.15.jar"
+version = "2.10.16"
+path = "../native/build/libs/http-native-2.10.16-SNAPSHOT.jar"
 [[platform.java17.dependency]]
 groupId = "io.ballerina.stdlib"
@@ -169,5 +169,5 @@ path = "./lib/lz4-1.3.0.jar"
 [[platform.java17.dependency]]
 groupId = "com.google.protobufl"
 artifactId = "protobuf-java"
-version = "3.20.3"
-path = "./lib/protobuf-java-3.20.3.jar"
+version = "3.25.5"
+path = "./lib/protobuf-java-3.25.5.jar"
diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml
index e383fb0fbe..ce9a3c47c1 100644
--- a/ballerina/CompilerPlugin.toml
+++ b/ballerina/CompilerPlugin.toml
@@ -3,4 +3,4 @@ id = "http-compiler-plugin"
 class = "io.ballerina.stdlib.http.compiler.HttpCompilerPlugin"
 [[dependency]]
-path = "../compiler-plugin/build/libs/http-compiler-plugin-2.10.15.jar"
+path = "../compiler-plugin/build/libs/http-compiler-plugin-2.10.16-SNAPSHOT.jar"
diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml
index 6ec9ee4017..b0cd9cfe6e 100644
--- a/ballerina/Dependencies.toml
+++ b/ballerina/Dependencies.toml
@@ -25,7 +25,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "cache"
-version = "3.7.0"
+version = "3.7.1"
 dependencies = [
 {org = "ballerina", name = "constraint"},
 {org = "ballerina", name = "jballerina.java"},
@@ -76,7 +76,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "http"
-version = "2.10.15"
+version = "2.10.16"
 dependencies = [
 {org = "ballerina", name = "auth"},
 {org = "ballerina", name = "cache"},
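Review bot: The context line `groupId = "com.google.protobufl"` in the `@@ -169,5 +169,5 @@` hunk of ballerina/Ballerina.toml carries a trailing `l`; the upstream Maven group for protobuf-java is `com.google.protobuf`, and this bump leaves the misspelling in place. If SBOM generation or dependency scanning reads these coordinates (not visible from this patch), a misspelled group can keep the jar from being matched against advisories such as the CVE-2024-7254 entry this series addresses. I would change the line to `groupId = "com.google.protobuf"`. Because the commit is marked automated, the spelling presumably originates in a template outside this patch, so the correction likely belongs there as well.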
@@ -108,7 +108,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "io"
-version = "1.6.0"
+version = "1.6.1"
 dependencies = [
 {org = "ballerina", name = "jballerina.java"},
 {org = "ballerina", name = "lang.value"}
@@ -283,7 +283,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "observe"
-version = "1.2.0"
+version = "1.2.3"
 dependencies = [
 {org = "ballerina", name = "jballerina.java"}
 ]