From 2ff837ab6007baf41c75a04dc31bcdbb96fa1a3c Mon Sep 17 00:00:00 2001 From: "Mark S. Lewis" Date: Fri, 20 Sep 2024 16:14:59 +0100 Subject: [PATCH] Update protobuf-java to address CVE-2024-7254 Signed-off-by: Mark S. Lewis --- examples/build.gradle | 2 +- examples/example-alts/build.gradle | 2 +- examples/example-debug/build.gradle | 2 +- examples/example-debug/pom.xml | 2 +- examples/example-dualstack/build.gradle | 2 +- examples/example-dualstack/pom.xml | 2 +- examples/example-gauth/build.gradle | 2 +- examples/example-gauth/pom.xml | 2 +- examples/example-gcp-csm-observability/build.gradle | 2 +- examples/example-gcp-observability/build.gradle | 2 +- examples/example-hostname/build.gradle | 2 +- examples/example-hostname/pom.xml | 2 +- examples/example-jwt-auth/build.gradle | 2 +- examples/example-jwt-auth/pom.xml | 4 ++-- examples/example-oauth/build.gradle | 2 +- examples/example-oauth/pom.xml | 4 ++-- examples/example-opentelemetry/build.gradle | 2 +- examples/example-orca/build.gradle | 2 +- examples/example-reflection/build.gradle | 2 +- examples/example-servlet/build.gradle | 2 +- examples/example-tls/build.gradle | 2 +- examples/example-tls/pom.xml | 2 +- examples/example-xds/build.gradle | 2 +- examples/pom.xml | 4 ++-- gradle/libs.versions.toml | 2 +- 25 files changed, 28 insertions(+), 28 deletions(-) diff --git a/examples/build.gradle b/examples/build.gradle index c10b4eef46..24f6d2b04f 100644 --- a/examples/build.gradle +++ b/examples/build.gradle @@ -24,7 +24,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.3' +def protobufVersion = '3.25.5' def protocVersion = protobufVersion dependencies { diff --git a/examples/example-alts/build.gradle b/examples/example-alts/build.gradle index 0d7d959de9..6b1f0ded16 100644 --- a/examples/example-alts/build.gradle +++ b/examples/example-alts/build.gradle @@ -25,7 +25,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' dependencies { // grpc-alts transitively depends on grpc-netty-shaded, grpc-protobuf, and grpc-stub diff --git a/examples/example-debug/build.gradle b/examples/example-debug/build.gradle index 5565747cb1..97bca5f91b 100644 --- a/examples/example-debug/build.gradle +++ b/examples/example-debug/build.gradle @@ -26,7 +26,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.3' +def protobufVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-debug/pom.xml b/examples/example-debug/pom.xml index 064d989c04..dc399a78c9 100644 --- a/examples/example-debug/pom.xml +++ b/examples/example-debug/pom.xml @@ -13,7 +13,7 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 + 3.25.5 1.8 1.8 diff --git a/examples/example-dualstack/build.gradle b/examples/example-dualstack/build.gradle index 554b5f758d..0c45e6de7c 100644 --- a/examples/example-dualstack/build.gradle +++ b/examples/example-dualstack/build.gradle @@ -26,7 +26,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.3' +def protobufVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-dualstack/pom.xml b/examples/example-dualstack/pom.xml index dfd650cdfa..a8e32b347e 100644 --- a/examples/example-dualstack/pom.xml +++ b/examples/example-dualstack/pom.xml @@ -13,7 +13,7 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 + 3.25.5 1.8 1.8 diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle index 47e812fde1..86edd55720 100644 --- a/examples/example-gauth/build.gradle +++ b/examples/example-gauth/build.gradle @@ -25,7 +25,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.3' +def protobufVersion = '3.25.5' def protocVersion = protobufVersion diff --git a/examples/example-gauth/pom.xml b/examples/example-gauth/pom.xml index d2cba1a795..89478a2dfa 100644 --- a/examples/example-gauth/pom.xml +++ b/examples/example-gauth/pom.xml @@ -13,7 +13,7 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 + 3.25.5 1.8 1.8 diff --git a/examples/example-gcp-csm-observability/build.gradle b/examples/example-gcp-csm-observability/build.gradle index a392018ba2..179ab3a74d 100644 --- a/examples/example-gcp-csm-observability/build.gradle +++ b/examples/example-gcp-csm-observability/build.gradle @@ -26,7 +26,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' def openTelemetryVersion = '1.40.0' def openTelemetryPrometheusVersion = '1.40.0-alpha' diff --git a/examples/example-gcp-observability/build.gradle b/examples/example-gcp-observability/build.gradle index dcb8d42002..1a6f471946 100644 --- a/examples/example-gcp-observability/build.gradle +++ b/examples/example-gcp-observability/build.gradle @@ -26,7 +26,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-hostname/build.gradle b/examples/example-hostname/build.gradle index df8b0fde12..17817e2a37 100644 --- a/examples/example-hostname/build.gradle +++ b/examples/example-hostname/build.gradle @@ -24,7 +24,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.3' +def protobufVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-hostname/pom.xml b/examples/example-hostname/pom.xml index c6d39887ba..991174af38 100644 --- a/examples/example-hostname/pom.xml +++ b/examples/example-hostname/pom.xml @@ -13,7 +13,7 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 + 3.25.5 1.8 1.8 diff --git a/examples/example-jwt-auth/build.gradle b/examples/example-jwt-auth/build.gradle index f996282bbb..c31486095f 100644 --- a/examples/example-jwt-auth/build.gradle +++ b/examples/example-jwt-auth/build.gradle @@ -24,7 +24,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.3' +def protobufVersion = '3.25.5' def protocVersion = protobufVersion dependencies { diff --git a/examples/example-jwt-auth/pom.xml b/examples/example-jwt-auth/pom.xml index c84f989398..10330d955e 100644 --- a/examples/example-jwt-auth/pom.xml +++ b/examples/example-jwt-auth/pom.xml @@ -14,8 +14,8 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 - 3.25.3 + 3.25.5 + 3.25.5 1.8 1.8 diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle index 7f600c2bc5..fe21efcf0d 100644 --- a/examples/example-oauth/build.gradle +++ b/examples/example-oauth/build.gradle @@ -24,7 +24,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protobufVersion = '3.25.3' +def protobufVersion = '3.25.5' def protocVersion = protobufVersion dependencies { diff --git a/examples/example-oauth/pom.xml b/examples/example-oauth/pom.xml index fa2eaa41e3..072bd957dc 100644 --- a/examples/example-oauth/pom.xml +++ b/examples/example-oauth/pom.xml @@ -14,8 +14,8 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 - 3.25.3 + 3.25.5 + 3.25.5 1.8 1.8 diff --git a/examples/example-opentelemetry/build.gradle b/examples/example-opentelemetry/build.gradle index 21264ffcc1..f08f9d492a 100644 --- a/examples/example-opentelemetry/build.gradle +++ b/examples/example-opentelemetry/build.gradle @@ -25,7 +25,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' def openTelemetryVersion = '1.40.0' def openTelemetryPrometheusVersion = '1.40.0-alpha' diff --git a/examples/example-orca/build.gradle b/examples/example-orca/build.gradle index d087a532af..4ca9343f88 100644 --- a/examples/example-orca/build.gradle +++ b/examples/example-orca/build.gradle @@ -19,7 +19,7 @@ java { } def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-reflection/build.gradle b/examples/example-reflection/build.gradle index d7d5c50b7e..e1efc8ee05 100644 --- a/examples/example-reflection/build.gradle +++ b/examples/example-reflection/build.gradle @@ -19,7 +19,7 @@ java { } def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-servlet/build.gradle b/examples/example-servlet/build.gradle index 995e2d0979..ebd1467457 100644 --- a/examples/example-servlet/build.gradle +++ b/examples/example-servlet/build.gradle @@ -17,7 +17,7 @@ java { } def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}", diff --git a/examples/example-tls/build.gradle b/examples/example-tls/build.gradle index 8aad6b62bc..8a16a902b7 100644 --- a/examples/example-tls/build.gradle +++ b/examples/example-tls/build.gradle @@ -25,7 +25,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/example-tls/pom.xml b/examples/example-tls/pom.xml index e1d569a628..972976ecdf 100644 --- a/examples/example-tls/pom.xml +++ b/examples/example-tls/pom.xml @@ -13,7 +13,7 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 + 3.25.5 1.8 1.8 diff --git a/examples/example-xds/build.gradle b/examples/example-xds/build.gradle index 8339db77e0..a3e23a1960 100644 --- a/examples/example-xds/build.gradle +++ b/examples/example-xds/build.gradle @@ -24,7 +24,7 @@ java { // Feel free to delete the comment at the next line. It is just for safely // updating the version in our release process. def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION -def protocVersion = '3.25.3' +def protocVersion = '3.25.5' dependencies { implementation "io.grpc:grpc-protobuf:${grpcVersion}" diff --git a/examples/pom.xml b/examples/pom.xml index 247df4a73c..554c70a35c 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -13,8 +13,8 @@ UTF-8 1.68.0-SNAPSHOT - 3.25.3 - 3.25.3 + 3.25.5 + 3.25.5 1.8 1.8 diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 488ead9ad8..8d7fb3766e 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -6,7 +6,7 @@ nettytcnative = '2.0.65.Final' opencensus = "0.31.1" # Not upgrading to 4.x as it is not yet ABI compatible. # https://github.com/protocolbuffers/protobuf/issues/17247 -protobuf = "3.25.3" +protobuf = "3.25.5" [libraries] android-annotations = "com.google.android:annotations:4.1.1.4"