This is an automated email from the ASF dual-hosted git repository. epugh pushed a commit to branch update_protobuf_3_25_8 in repository https://gitbox.apache.org/repos/asf/solr.git
commit 7fc9ee71fa8ba9abec9cb7cdff9ad18470e63689 Author: Eric Pugh <[email protected]> AuthorDate: Tue Aug 19 08:02:14 2025 -0400 Upgrade protobuf to deal with CVE-2024-7254 --- solr/licenses/protobuf-java-3.25.3.jar.sha1 | 1 - solr/licenses/protobuf-java-3.25.8.jar.sha1 | 1 + solr/licenses/protobuf-java-util-3.25.3.jar.sha1 | 1 - solr/licenses/protobuf-java-util-3.25.8.jar.sha1 | 1 + versions.lock | 4 ++-- versions.props | 1 + 6 files changed, 5 insertions(+), 4 deletions(-) diff --git a/solr/licenses/protobuf-java-3.25.3.jar.sha1 b/solr/licenses/protobuf-java-3.25.3.jar.sha1 deleted file mode 100644 index 41b763811b4..00000000000 --- a/solr/licenses/protobuf-java-3.25.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -d3200261955f3298e0d85c9892201e70492ce8eb diff --git a/solr/licenses/protobuf-java-3.25.8.jar.sha1 b/solr/licenses/protobuf-java-3.25.8.jar.sha1 new file mode 100644 index 00000000000..b7ea139f615 --- /dev/null +++ b/solr/licenses/protobuf-java-3.25.8.jar.sha1 @@ -0,0 +1 @@ +2ba593767658038775b2ea9724c3686609874470 diff --git a/solr/licenses/protobuf-java-util-3.25.3.jar.sha1 b/solr/licenses/protobuf-java-util-3.25.3.jar.sha1 deleted file mode 100644 index a3d39b7af21..00000000000 --- a/solr/licenses/protobuf-java-util-3.25.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -c2284abc8c484d64ee5cb79bf61d5b7a819f6d50 diff --git a/solr/licenses/protobuf-java-util-3.25.8.jar.sha1 b/solr/licenses/protobuf-java-util-3.25.8.jar.sha1 new file mode 100644 index 00000000000..a54234b78de --- /dev/null +++ b/solr/licenses/protobuf-java-util-3.25.8.jar.sha1 @@ -0,0 +1 @@ +0be3cb8bef1415d3b87cf5bf4de0b9149f6a0990 diff --git a/versions.lock b/versions.lock index 9968a203fbb..889f4f2e3c5 100644 --- a/versions.lock +++ b/versions.lock @@ -57,8 +57,8 @@ com.google.http-client:google-http-client-gson:1.44.2 (7 constraints: 68702d4e) com.google.http-client:google-http-client-jackson2:1.44.2 (1 constraints: 1f1009a6) com.google.j2objc:j2objc-annotations:3.0.0 (4 constraints: 453c9e88) com.google.oauth-client:google-oauth-client:1.36.0 (2 constraints: b720ee75) -com.google.protobuf:protobuf-java:3.25.3 (11 constraints: ed9520ce) -com.google.protobuf:protobuf-java-util:3.25.3 (3 constraints: 3c2b232d) +com.google.protobuf:protobuf-java:3.25.8 (11 constraints: f295dcd0) +com.google.protobuf:protobuf-java-util:3.25.8 (4 constraints: 7f30200a) com.google.re2j:re2j:1.7 (2 constraints: 3914d56f) com.googlecode.json-simple:json-simple:1.1.1 (2 constraints: 321c78d2) com.googlecode.juniversalchardet:juniversalchardet:1.0.3 (1 constraints: 5b0ce401) diff --git a/versions.props b/versions.props index 0edff7c1b2e..bfb8dc9554c 100644 --- a/versions.props +++ b/versions.props @@ -12,6 +12,7 @@ com.github.stephenc.jcip:jcip-annotations=1.0-1 com.google.cloud:google-cloud-bom=0.224.0 com.google.errorprone:*=2.31.0 com.google.guava:guava=32.1.3-jre +com.google.protobuf:*=3.25.8 com.google.re2j:re2j=1.7 com.j256.simplemagic:simplemagic=1.17 com.jayway.jsonpath:json-path=2.9.0
