(bookkeeper) branch master updated: Upgrade protobuf to 3.25.5 to address CVE-2024-7254 (#4508)

Tue, 24 Sep 2024 18:32:56 -0700 

This is an automated email from the ASF dual-hosted git repository.

shoothzj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 0229b5d7cf Upgrade protobuf to 3.25.5 to address CVE-2024-7254 (#4508)
0229b5d7cf is described below

commit 0229b5d7cfd93850f05a16f20172f0d39492672f
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Sep 25 04:32:45 2024 +0300

    Upgrade protobuf to 3.25.5 to address CVE-2024-7254 (#4508)
    
    ### Motivation
    
    CVE-2024-7254
    
    ### Changes
    
    Upgrade protobuf to 3.25.5
---
 bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt    | 8 ++++----
 bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt  | 8 ++++----
 bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 8 ++++----
 pom.xml                                                   | 2 +-
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 0b1902ac6a..99ec778465 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -676,13 +676,13 @@ This product bundles Google Protocol Buffers, which is 
available under a "3-clau
 license.
 
 Bundled as
-  - lib/com.google.protobuf-protobuf-java-3.25.1.jar
-Source available at https://github.com/google/protobuf/tree/v3.25.1
+  - lib/com.google.protobuf-protobuf-java-3.25.5.jar
+Source available at https://github.com/google/protobuf/tree/v3.25.5
 For details, see deps/protobuf-3.14.0/LICENSE.
 
 Bundled as
-  - lib/com.google.protobuf-protobuf-java-util-3.25.1.jar
-Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.1
+  - lib/com.google.protobuf-protobuf-java-util-3.25.5.jar
+Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.5
 For details, see deps/protobuf-3.12.0/LICENSE.
 
------------------------------------------------------------------------------------
 This product bundles the JCP Standard Java Servlet API, which is available 
under a
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 2c9b20816c..1c29e30606 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -569,13 +569,13 @@ This product bundles Google Protocol Buffers, which is 
available under a "3-clau
 license.
 
 Bundled as
-  - lib/com.google.protobuf-protobuf-java-3.25.1.jar
-Source available at https://github.com/google/protobuf/tree/v3.25.1
+  - lib/com.google.protobuf-protobuf-java-3.25.5.jar
+Source available at https://github.com/google/protobuf/tree/v3.25.5
 For details, see deps/protobuf-3.14.0/LICENSE.
 
 Bundled as
-  - lib/com.google.protobuf-protobuf-java-util-3.25.1.jar
-Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.1
+  - lib/com.google.protobuf-protobuf-java-util-3.25.5.jar
+Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.5
 For details, see deps/protobuf-3.12.0/LICENSE.
 
------------------------------------------------------------------------------------
 This product bundles Simple Logging Facade for Java, which is available under a
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 71cdb4eaa1..cb3bd44611 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -665,13 +665,13 @@ This product bundles Google Protocol Buffers, which is 
available under a "3-clau
 license.
 
 Bundled as
-  - lib/com.google.protobuf-protobuf-java-3.25.1.jar
-Source available at https://github.com/google/protobuf/tree/v3.25.1
+  - lib/com.google.protobuf-protobuf-java-3.25.5.jar
+Source available at https://github.com/google/protobuf/tree/v3.25.5
 For details, see deps/protobuf-3.14.0/LICENSE.
 
 Bundled as
-  - lib/com.google.protobuf-protobuf-java-util-3.25.1.jar
-Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.1
+  - lib/com.google.protobuf-protobuf-java-util-3.25.5.jar
+Source available at https://github.com/protocolbuffers/protobuf/tree/v3.25.5
 For details, see deps/protobuf-3.12.0/LICENSE.
 
------------------------------------------------------------------------------------
 This product bundles the JCP Standard Java Servlet API, which is available 
under a
diff --git a/pom.xml b/pom.xml
index 4121c857df..2302f884a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -162,7 +162,7 @@
     <datasketches.version>0.8.3</datasketches.version>
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.15</httpcore.version>
-    <protobuf.version>3.25.1</protobuf.version>
+    <protobuf.version>3.25.5</protobuf.version>
     <protoc3.version>${protobuf.version}</protoc3.version>
     
<protoc-gen-grpc-java.version>${grpc.version}</protoc-gen-grpc-java.version>
     <reflections.version>0.9.11</reflections.version>

Reply via email to