From 810fdd510114667c58a5f328e5bf5e05ccd0e656 Mon Sep 17 00:00:00 2001
From: TharmiganK
Date: Tue, 24 Sep 2024 16:29:14 +0530
Subject: [PATCH 1/5] Update protobuf version
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index ea88aade9f..0303be03bd 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -21,7 +21,7 @@ mockitoVersion=5.3.1
 gsonVersion=2.7
 lz4Version=1.3.0
 marshallingVersion=2.0.5.Final
-protobufVersion=3.20.3
+protobufVersion=3.25.5
 jacocoVersion=0.8.10
 ballerinaToOpenApiVersion=2.1.0
 swaggerCoreVersion=2.2.22
From 3ceec6c5d4f31de71d9a06bd9ed79af3c16f23d5 Mon Sep 17 00:00:00 2001
From: TharmiganK
Date: Tue, 24 Sep 2024 16:29:32 +0530
Subject: [PATCH 2/5] [Automated] Update the native jar versions
---
 ballerina/Ballerina.toml | 10 +++++-----
 ballerina/CompilerPlugin.toml | 2 +-
 ballerina/Dependencies.toml | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
index 74d4c64fd9..c3435acef3 100644
--- a/ballerina/Ballerina.toml
+++ b/ballerina/Ballerina.toml
@@ -1,7 +1,7 @@
 [package]
 org = "ballerina"
 name = "http"
-version = "2.12.0"
+version = "2.12.1"
 authors = ["Ballerina"]
 keywords = ["http", "network", "service", "listener", "client"]
 repository = "https://github.com/ballerina-platform/module-ballerina-http"
@@ -16,8 +16,8 @@ graalvmCompatible = true
 [[platform.java17.dependency]]
 groupId = "io.ballerina.stdlib"
 artifactId = "http-native"
-version = "2.12.0"
-path = "../native/build/libs/http-native-2.12.0.jar"
+version = "2.12.1"
+path = "../native/build/libs/http-native-2.12.1-SNAPSHOT.jar"
 [[platform.java17.dependency]]
 groupId = "io.ballerina.stdlib"
@@ -169,5 +169,5 @@ path = "./lib/lz4-1.3.0.jar" [[platform.java17.dependency]] groupId = "com.google.protobufl" artifactId = "protobuf-java" -version = "3.20.3" -path = "./lib/protobuf-java-3.20.3.jar" +version = "3.25.5" +path = "./lib/protobuf-java-3.25.5.jar" diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml index d97cfe7aac..751236dbb9 100644 --- a/ballerina/CompilerPlugin.toml +++ b/ballerina/CompilerPlugin.toml @@ -3,7 +3,7 @@ id = "http-compiler-plugin" class = "io.ballerina.stdlib.http.compiler.HttpCompilerPlugin" [[dependency]] -path = "../compiler-plugin/build/libs/http-compiler-plugin-2.12.0.jar" +path = "../compiler-plugin/build/libs/http-compiler-plugin-2.12.1-SNAPSHOT.jar" [[dependency]] path = "../compiler-plugin/build/libs/ballerina-to-openapi-2.1.0.jar" diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml index 13938875f8..66f8ee6cbc 100644 --- a/ballerina/Dependencies.toml +++ b/ballerina/Dependencies.toml @@ -76,7 +76,7 @@ modules = [ [[package]] org = "ballerina" name = "http" -version = "2.12.0" +version = "2.12.1" dependencies = [ {org = "ballerina", name = "auth"}, {org = "ballerina", name = "cache"}, From f22d6a33a80cb6292120f60b166ebc888cea3f49 Mon Sep 17 00:00:00 2001 From: TharmiganK Date: Tue, 24 Sep 2024 16:29:48 +0530 Subject: [PATCH 3/5] Update change log --- changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/changelog.md b/changelog.md index 5c0dd57114..463d3f89a8 100644 --- a/changelog.md +++ b/changelog.md @@ -5,6 +5,12 @@ This file contains all the notable changes done to the Ballerina HTTP package th The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [Unreleased] + +### Fixed + +- [Address CVE-2024-7254 vulnerability](https://github.com/ballerina-platform/ballerina-library/issues/7013) + ## [2.12.0] - 2024-08-20 ### Added 
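Review bot: The protobuf-java entry in ballerina/Ballerina.toml (hunk `@@ -169,5 +169,5 @@`) still carries `groupId = "com.google.protobufl"` on its context line, which looks like a typo for `com.google.protobuf`. The jar is resolved through `path`, so the build is presumably unaffected, but dependency scanners or SBOM tooling that match on groupId and artifactId may fail to associate this entry with protobuf-java advisories such as the CVE-2024-7254 one the changelog hunk references. Since the commit is marked automated, the correction likely belongs in the template this file is generated from: `groupId = "com.google.protobuf"`.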
From 5abc68399a80c360df81bb3e60e7e63601ad8275 Mon Sep 17 00:00:00 2001
From: TharmiganK
Date: Tue, 24 Sep 2024 16:45:47 +0530
Subject: [PATCH 4/5] Update graalvm check workflow
---
 .github/workflows/build-with-bal-test-graalvm.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build-with-bal-test-graalvm.yml b/.github/workflows/build-with-bal-test-graalvm.yml
index 425ab94e8d..25faedb6bc 100644
--- a/.github/workflows/build-with-bal-test-graalvm.yml
+++ b/.github/workflows/build-with-bal-test-graalvm.yml
@@ -6,7 +6,7 @@ on:
 lang_tag:
 description: Branch/Release Tag of the Ballerina Lang
 required: true
- default: master
+ default: 2201.10.x
 lang_version:
 description: Ballerina Lang Version (If given ballerina lang buid will be skipped)
 required: false
@@ -29,6 +29,7 @@ on:
 - 2201.7.x
 - 2201.8.x
 - 2201.9.x
+ - 2201.10.x
 types: [opened, synchronize, reopened, labeled, unlabeled]
 concurrency:
From bcf706a8eb0a35d51ff43aea164a8a6584bd9398 Mon Sep 17 00:00:00 2001
From: TharmiganK
Date: Wed, 25 Sep 2024 07:18:31 +0530
Subject: [PATCH 5/5] Update default lang tag for PR builds
---
 .github/workflows/build-with-bal-test-graalvm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-with-bal-test-graalvm.yml b/.github/workflows/build-with-bal-test-graalvm.yml
index 25faedb6bc..09b35d1bf9 100644
--- a/.github/workflows/build-with-bal-test-graalvm.yml
+++ b/.github/workflows/build-with-bal-test-graalvm.yml
@@ -42,7 +42,7 @@ jobs:
 if: ${{ github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository_owner == 'ballerina-platform') }}
 uses: ballerina-platform/ballerina-library/.github/workflows/build-with-bal-test-graalvm-template.yml@main
 with:
- lang_tag: ${{ inputs.lang_tag }}
+ lang_tag: ${{ inputs.lang_tag || '2201.10.x' }}
 lang_version: ${{ inputs.lang_version }}
 native_image_options: '-J-Xmx7G ${{ inputs.native_image_options }}'
 additional_ubuntu_build_flags: '-x :http-native:test -x :http-compiler-plugin-tests:test ${{ inputs.build_properties }}'
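Review bot: The fallback literal in `lang_tag: ${{ inputs.lang_tag || '2201.10.x' }}` repeats the `workflow_dispatch` default that patch 4/5 set to `2201.10.x`, and nothing in the file ties the two together, so the next release-line bump can update one and miss the other. A comment above the line would help, for example `# inputs.* is empty on non-dispatch triggers; keep this fallback in sync with the lang_tag default above`. The reusable workflow on the `uses:` context line is referenced at `@main`, a mutable ref, so the language branch is now pinned while the build template can still change underneath it; pinning that ref to a commit SHA or a release branch is worth considering if the template is not meant to float. The job definition starts before the hunk, so its other keys are not visible here.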