Skip to content

Commit

Permalink
Add fix for CVE-2024-7254 (#8647)
Browse files Browse the repository at this point in the history
  • Loading branch information
StefanBratanov authored Sep 26, 2024
1 parent 7066de7 commit b91c432
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
- Renamed metrics `validator_attestation_publication_delay`,`validator_block_publication_delay` and `beacon_block_import_delay_counter` to include the suffix `_total` added by the current version of prometheus.
- Updated bootnodes for Holesky network
- Added new `--p2p-flood-publish-enabled` parameter to control whenever flood publishing behaviour is enabled (applies to all subnets). Previous teku versions always had this behaviour enabled. Default is `true`.
- Add a fix for [CVE-2024-7254](https://avd.aquasec.com/nvd/2024/cve-2024-7254/)

### Bug Fixes
- removed a warning from logs about non blinded blocks being requested (#8562)
2 changes: 1 addition & 1 deletion gradle/versions.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ dependencyManagement {
entry 'javalin-rendering'
}

dependency 'io.libp2p:jvm-libp2p:1.1.1-RELEASE'
dependency 'io.libp2p:jvm-libp2p:1.2.0-RELEASE'
dependency 'tech.pegasys:jblst:0.3.12'
dependency 'tech.pegasys:jc-kzg-4844:1.0.0'

Expand Down

0 comments on commit b91c432

Please sign in to comment.