Bumped protobuf-java version from 3.21.9 (3.8.0) to 3.23.2 - CVE-2022-3510 CVE-2022-3509 CVE-2022-3171 CVE-2021-22569 #3802

Closed
MDeLuise opened this issue Jun 29, 2023 · 0 comments · Fixed by #3803
Labels
Dependencies PR that updates dependencies. Be on the edge!

Comments

MDeLuise (Contributor) commented Jun 29, 2023

Is your feature request related to a problem? Please describe.
It would be better to upgrade the com.google.protobuf:protobuf-java library, since the most recent version is currently 3.23.2 and the project uses 3.21.9.

For 1.x releases the bump will be from 3.8.0 to 3.23.3, solving the following CVEs:

Coduz added the Dependencies label on Jul 3, 2023
Coduz changed the title from "Upgrade protobuf-java library" to "Bumped protobuf-java version from 3.21.9 to 3.23.2" on Jul 4, 2023
Coduz changed the title from "Bumped protobuf-java version from 3.21.9 to 3.23.2" to "Bumped protobuf-java version from 3.21.9 (3.8.0) to 3.23.2 - CVE-2022-3510 CVE-2022-3509 CVE-2022-3171 CVE-2021-22569" on Jul 4, 2023
Coduz moved this to Done in Eclipse Kapua 1.7.0 on Jun 12, 2024
Coduz moved this to Done in Eclipse Kapua 1.5.8 on Jun 12, 2024
Coduz moved this to Done in Eclipse Kapua 2.0.0 on Jun 12, 2024