(solr) branch branch_9x updated: Upgrade protobuf to deal with CVE-2024-7254 (#3484)

Tue, 19 Aug 2025 05:57:10 -0700 

This is an automated email from the ASF dual-hosted git repository.

epugh pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9x by this push:
     new b4da980d1e0 Upgrade protobuf to deal with CVE-2024-7254 (#3484)
b4da980d1e0 is described below

commit b4da980d1e01eb79939bf0590537a911ab33ec61
Author: Eric Pugh <[email protected]>
AuthorDate: Tue Aug 19 08:56:56 2025 -0400

    Upgrade protobuf to deal with CVE-2024-7254 (#3484)
---
 solr/licenses/protobuf-java-3.25.3.jar.sha1      | 1 -
 solr/licenses/protobuf-java-3.25.8.jar.sha1      | 1 +
 solr/licenses/protobuf-java-util-3.25.3.jar.sha1 | 1 -
 solr/licenses/protobuf-java-util-3.25.8.jar.sha1 | 1 +
 versions.lock                                    | 4 ++--
 versions.props                                   | 1 +
 6 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/solr/licenses/protobuf-java-3.25.3.jar.sha1 
b/solr/licenses/protobuf-java-3.25.3.jar.sha1
deleted file mode 100644
index 41b763811b4..00000000000
--- a/solr/licenses/protobuf-java-3.25.3.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d3200261955f3298e0d85c9892201e70492ce8eb
diff --git a/solr/licenses/protobuf-java-3.25.8.jar.sha1 
b/solr/licenses/protobuf-java-3.25.8.jar.sha1
new file mode 100644
index 00000000000..b7ea139f615
--- /dev/null
+++ b/solr/licenses/protobuf-java-3.25.8.jar.sha1
@@ -0,0 +1 @@
+2ba593767658038775b2ea9724c3686609874470
diff --git a/solr/licenses/protobuf-java-util-3.25.3.jar.sha1 
b/solr/licenses/protobuf-java-util-3.25.3.jar.sha1
deleted file mode 100644
index a3d39b7af21..00000000000
--- a/solr/licenses/protobuf-java-util-3.25.3.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-c2284abc8c484d64ee5cb79bf61d5b7a819f6d50
diff --git a/solr/licenses/protobuf-java-util-3.25.8.jar.sha1 
b/solr/licenses/protobuf-java-util-3.25.8.jar.sha1
new file mode 100644
index 00000000000..a54234b78de
--- /dev/null
+++ b/solr/licenses/protobuf-java-util-3.25.8.jar.sha1
@@ -0,0 +1 @@
+0be3cb8bef1415d3b87cf5bf4de0b9149f6a0990
diff --git a/versions.lock b/versions.lock
index 3951f3da122..5fac5375b10 100644
--- a/versions.lock
+++ b/versions.lock
@@ -57,8 +57,8 @@ com.google.http-client:google-http-client-gson:1.44.2 (7 
constraints: 68702d4e)
 com.google.http-client:google-http-client-jackson2:1.44.2 (1 constraints: 
1f1009a6)
 com.google.j2objc:j2objc-annotations:3.0.0 (4 constraints: 453c9e88)
 com.google.oauth-client:google-oauth-client:1.36.0 (2 constraints: b720ee75)
-com.google.protobuf:protobuf-java:3.25.3 (11 constraints: ed9520ce)
-com.google.protobuf:protobuf-java-util:3.25.3 (3 constraints: 3c2b232d)
+com.google.protobuf:protobuf-java:3.25.8 (11 constraints: f295dcd0)
+com.google.protobuf:protobuf-java-util:3.25.8 (4 constraints: 7f30200a)
 com.google.re2j:re2j:1.7 (2 constraints: 3914d56f)
 com.googlecode.json-simple:json-simple:1.1.1 (2 constraints: 321c78d2)
 com.googlecode.juniversalchardet:juniversalchardet:1.0.3 (1 constraints: 
5b0ce401)
diff --git a/versions.props b/versions.props
index ae5318796e2..393650c2401 100644
--- a/versions.props
+++ b/versions.props
@@ -12,6 +12,7 @@ com.github.stephenc.jcip:jcip-annotations=1.0-1
 com.google.cloud:google-cloud-bom=0.224.0
 com.google.errorprone:*=2.31.0
 com.google.guava:guava=32.1.3-jre
+com.google.protobuf:*=3.25.8
 com.google.re2j:re2j=1.7
 com.j256.simplemagic:simplemagic=1.17
 com.jayway.jsonpath:json-path=2.9.0

Reply via email to