Merge pull request #1567 from dilanSachi/bump-netty
[Master] Update Netty version to resolve `CVE-2024-29025`
dilanSachi authored Apr 1, 2024
2 parents b8de8e9 + 5a27e95 commit 2096e3f
Showing 5 changed files with 46 additions and 41 deletions.
70 changes: 35 additions & 35 deletions ballerina/Ballerina.toml
@@ -1,7 +1,7 @@
[package]
org = "ballerina"
name = "grpc"
version = "1.10.6"
version = "1.10.7"
distribution = "2201.8.0"
authors = ["Ballerina"]
keywords = ["network", "grpc", "protobuf", "server-streaming", "client-streaming", "bidirectional-streaming"]
@@ -16,11 +16,11 @@ graalvmCompatible = true
[[platform.java17.dependency]]
groupId = "io.ballerina.stdlib"
artifactId = "grpc-native"
version = "1.10.6"
path = "../native/build/libs/grpc-native-1.10.6.jar"
version = "1.10.7"
path = "../native/build/libs/grpc-native-1.10.7-SNAPSHOT.jar"

[[platform.java17.dependency]]
path = "../test-utils/build/libs/grpc-test-utils-1.10.6.jar"
path = "../test-utils/build/libs/grpc-test-utils-1.10.7-SNAPSHOT.jar"
scope = "testOnly"

[[platform.java17.dependency]]
@@ -34,68 +34,68 @@ scope = "testOnly"
[[platform.java17.dependency]]
groupId = "io.ballerina.stdlib"
artifactId = "http-native"
version = "2.10.6"
path = "./lib/http-native-2.10.6.jar"
version = "2.10.13"
path = "./lib/http-native-2.10.13-20240327-141300-ecd1355.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-common"
version = "4.1.100.Final"
path = "./lib/netty-common-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-common-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-buffer"
version = "4.1.100.Final"
path = "./lib/netty-buffer-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-buffer-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-transport"
version = "4.1.100.Final"
path = "./lib/netty-transport-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-transport-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-resolver"
version = "4.1.100.Final"
path = "./lib/netty-resolver-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-resolver-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-handler"
version = "4.1.100.Final"
path = "./lib/netty-handler-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-handler-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-codec-http"
version = "4.1.100.Final"
path = "./lib/netty-codec-http-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-codec-http-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-codec"
version = "4.1.100.Final"
path = "./lib/netty-codec-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-codec-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-handler-proxy"
version = "4.1.100.Final"
path = "./lib/netty-handler-proxy-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-handler-proxy-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-codec-http2"
version = "4.1.100.Final"
path = "./lib/netty-codec-http2-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-codec-http2-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-transport-native-unix-common"
version = "4.1.100.Final"
path = "./lib/netty-transport-native-unix-common-4.1.100.Final.jar"
version = "4.1.108.Final"
path = "./lib/netty-transport-native-unix-common-4.1.108.Final.jar"

[[platform.java17.dependency]]
groupId = "commons.pool.wso2"
@@ -118,29 +118,29 @@ path = "./lib/bcpkix-jdk18on-1.74.jar"
[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-tcnative-classes"
version = "2.0.62.Final"
path = "./lib/netty-tcnative-classes-2.0.62.Final.jar"
version = "2.0.65.Final"
path = "./lib/netty-tcnative-classes-2.0.65.Final.jar"

[[platform.java17.dependency]]
groupId = "io.netty"
artifactId = "netty-tcnative-boringssl-static"
version = "2.0.62.Final"
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final.jar"
version = "2.0.65.Final"
path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final.jar"

[[platform.java17.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-windows-x86_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-windows-x86_64.jar"

[[platform.java17.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-linux-aarch_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-linux-aarch_64.jar"

[[platform.java17.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-linux-x86_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-linux-x86_64.jar"

[[platform.java17.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-osx-aarch_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-osx-aarch_64.jar"

[[platform.java17.dependency]]
path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-osx-x86_64.jar"
path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-osx-x86_64.jar"

[[platform.java17.dependency]]
groupId = "com.google.protobuf"
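Review bot: The `http-native` entry declares `version = "2.10.13"` while its `path` points at `./lib/http-native-2.10.13-20240327-141300-ecd1355.jar`, so the declared version and the bundled jar no longer name the same artifact. The same split appears in `gradle.properties` (`stdlibHttpVersion=2.10.13-20240327-141300-ecd1355`) against `ballerina/Dependencies.toml` (`version = "2.10.13"`). The timestamped suffix looks like an unreleased build of the http module, so a dependency scanner or SBOM tool that reads the `version` field would be reporting a release the shipped jar may not correspond to. I would pin all three places to the released http version before 1.10.7 is cut, and until then mark the property with a comment such as `# TODO: timestamped http build - replace with the released 2.10.13 before release`.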
2 changes: 1 addition & 1 deletion ballerina/CompilerPlugin.toml
@@ -3,4 +3,4 @@ id = "grpc-compiler-plugin"
class = "io.ballerina.stdlib.grpc.plugin.GrpcCompilerPlugin"

[[dependency]]
path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.10.6.jar"
path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.10.7-SNAPSHOT.jar"
4 changes: 2 additions & 2 deletions ballerina/Dependencies.toml
@@ -68,7 +68,7 @@ dependencies = [
[[package]]
org = "ballerina"
name = "grpc"
version = "1.10.6"
version = "1.10.7"
dependencies = [
{org = "ballerina", name = "auth"},
{org = "ballerina", name = "crypto"},
@@ -94,7 +94,7 @@ modules = [
[[package]]
org = "ballerina"
name = "http"
version = "2.10.6"
version = "2.10.13"
scope = "testOnly"
dependencies = [
{org = "ballerina", name = "auth"},
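--- a/changelog.md
+++ b/changelog.md
@@ -4,6 +4,11 @@ This file contains all the notable changes done to the Ballerina gRPC package th
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Fixed
+- [Address CVE-2024-29025 netty's vulnerability](https://github.com/ballerina-platform/ballerina-library/issues/6242)
+
 ## [1.10.6] - 2024-02-01
 ### Added
 - [Added `maxHeaderSize` in `grpc:ListenerConfiguration`](https://github.com/ballerina-platform/ballerina-library/issues/5969)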
6 changes: 3 additions & 3 deletions gradle.properties
@@ -10,8 +10,8 @@ slf4jVersion=1.7.30
protoGoogleCommonsVersion=1.17.0
protobufJavaVersion=3.20.3
jknackHandlebarsVersion=4.0.6
nettyVersion=4.1.100.Final
nettyTcnativeVersion=2.0.62.Final
nettyVersion=4.1.108.Final
nettyTcnativeVersion=2.0.65.Final
picocliVersion=4.0.1
githubSpotbugsVersion=5.0.14
githubJohnrengelmanShadowVersion=8.1.1
@@ -47,7 +47,7 @@ stdlibAuthVersion=2.10.0
stdlibJwtVersion=2.10.0
stdlibOAuth2Version=2.10.0

stdlibHttpVersion=2.10.6
stdlibHttpVersion=2.10.13-20240327-141300-ecd1355

# Ballerinax Observer
observeVersion=1.2.0
