This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.16 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit b9c567cbe4d005e19d23ad1db308c8902a8db69b Author: Lari Hotari <[email protected]> AuthorDate: Wed Sep 25 04:32:45 2024 +0300 Upgrade protobuf to 3.25.5 to address CVE-2024-7254 (#4508) CVE-2024-7254 Upgrade protobuf to 3.25.5 (cherry picked from commit 0229b5d7cfd93850f05a16f20172f0d39492672f) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 8 ++++---- bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 8 ++++---- bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 8 ++++---- pom.xml | 4 ++-- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt index 1cd3824822..b52d8cde66 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt @@ -640,13 +640,13 @@ This product bundles Google Protocol Buffers, which is available under a "3-clau license. Bundled as - - lib/com.google.protobuf-protobuf-java-3.21.9.jar -Source available at https://github.com/google/protobuf/tree/v3.21.9 + - lib/com.google.protobuf-protobuf-java-3.25.5.jar +Source available at https://github.com/google/protobuf/tree/v3.25.5 For details, see deps/protobuf-3.14.0/LICENSE. Bundled as - - lib/com.google.protobuf-protobuf-java-util-3.21.9.jar -Source available at https://github.com/protocolbuffers/protobuf/tree/v3.21.9 + - lib/com.google.protobuf-protobuf-java-util-3.25.5.jar +Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.5 For details, see deps/protobuf-3.12.0/LICENSE. ------------------------------------------------------------------------------------ This product bundles the JCP Standard Java Servlet API, which is available under a diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt index a22f92976f..b0db094e5b 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt @@ -561,13 +561,13 @@ This product bundles Google Protocol Buffers, which is available under a "3-clau license. Bundled as - - lib/com.google.protobuf-protobuf-java-3.21.9.jar -Source available at https://github.com/google/protobuf/tree/v3.21.9 + - lib/com.google.protobuf-protobuf-java-3.25.5.jar +Source available at https://github.com/google/protobuf/tree/v3.25.5 For details, see deps/protobuf-3.14.0/LICENSE. Bundled as - - lib/com.google.protobuf-protobuf-java-util-3.21.9.jar -Source available at https://github.com/protocolbuffers/protobuf/tree/v3.21.9 + - lib/com.google.protobuf-protobuf-java-util-3.25.5.jar +Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.5 For details, see deps/protobuf-3.12.0/LICENSE. ------------------------------------------------------------------------------------ This product bundles Simple Logging Facade for Java, which is available under a diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt index 6136624d94..0639101644 100644 --- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt @@ -629,13 +629,13 @@ This product bundles Google Protocol Buffers, which is available under a "3-clau license. Bundled as - - lib/com.google.protobuf-protobuf-java-3.21.9.jar -Source available at https://github.com/google/protobuf/tree/v3.21.9 + - lib/com.google.protobuf-protobuf-java-3.25.5.jar +Source available at https://github.com/google/protobuf/tree/v3.25.5 For details, see deps/protobuf-3.14.0/LICENSE. Bundled as - - lib/com.google.protobuf-protobuf-java-util-3.21.9.jar -Source available at https://github.com/protocolbuffers/protobuf/tree/v3.21.9 + - lib/com.google.protobuf-protobuf-java-util-3.25.5.jar +Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.5 For details, see deps/protobuf-3.12.0/LICENSE. ------------------------------------------------------------------------------------ This product bundles the JCP Standard Java Servlet API, which is available under a diff --git a/pom.xml b/pom.xml index 8bf6926fe7..6ec4c4c7cb 100644 --- a/pom.xml +++ b/pom.xml @@ -163,8 +163,8 @@ <datasketches.version>0.8.3</datasketches.version> <httpclient.version>4.5.13</httpclient.version> <httpcore.version>4.4.15</httpcore.version> - <protobuf.version>3.21.9</protobuf.version> - <protoc3.version>3.21.9</protoc3.version> + <protobuf.version>3.25.5</protobuf.version> + <protoc3.version>${protobuf.version}</protoc3.version> <protoc-gen-grpc-java.version>${grpc.version}</protoc-gen-grpc-java.version> <reflections.version>0.9.11</reflections.version> <rocksdb.version>7.9.2</rocksdb.version>
