junixsocket-demo: Bump protobuf-java version
mysql-connector-java depends on an outdated protobuf-java artifact
(3.19.4) that has a security issue.

Bump protobuf-java to 3.19.6.

https://ossindex.sonatype.org/vulnerability/CVE-2022-3171?component-type=maven&component-name=com.google.protobuf%2Fprotobuf-java&utm_source=ossindex-client&utm_medium=integration&utm_content=1.7.0
kohlschuetter committed Oct 14, 2022
1 parent 16c211c commit 1419dff
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions junixsocket-demo/pom.xml
Expand Up @@ -50,6 +50,19 @@
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.30</version>
<exclusions>
<exclusion>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<!-- CVE-2022-3171: 3.19.4 -->
</exclusion>
</exclusions>
</dependency>
<dependency>
<!-- CVE-2022-3171: replace 3.19.4 (dependency of mysql-connector-java) -->
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<version>3.19.6</version>
</dependency>
<dependency>
<!-- NOTE: Due to this dependency, maven-project-info-reports-plugin
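Review bot: the added protobuf-java dependency pins 3.19.6 with no note on when the pin can be dropped, so it will stay in place after mysql-connector-java moves past 8.0.30 and could then hold protobuf-java below whatever the connector expects. Suggest extending the comment on the new dependency block to state the removal condition, for example "remove once mysql-connector-java depends on protobuf-java 3.19.6 or later". Also, a directly declared dependency already wins Maven's nearest-wins mediation over the transitive 3.19.4, so the exclusion block and the direct declaration overlap; keeping both is harmless, but the comments should say which one is meant to carry the fix. The resolved version is worth confirming with mvn dependency:tree -Dincludes=com.google.protobuf before merging.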
