Merge pull request #1397 from dilanSachi/bump-bouncy-1.7.x

[2201.5.x] Bump bouncycastle dependency
ballerina-platform · Sep 7, 2023 · dd2f624 · dd2f624
2 parents 1513c1d + 815e4a3
commit dd2f624
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 20 deletions.
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
@@ -1,7 +1,7 @@
 [package]
 org = "ballerina"
 name = "grpc"
-version = "1.7.1"
+version = "1.7.2"
 distribution = "2201.5.0"
 authors = ["Ballerina"]
 keywords = ["network", "grpc", "protobuf", "server-streaming", "client-streaming", "bidirectional-streaming"]
@@ -13,11 +13,11 @@ export = ["grpc", "grpc.types.duration", "grpc.types.struct", "grpc.types.timest
 [[platform.java11.dependency]]
 groupId = "io.ballerina.stdlib"
 artifactId = "grpc-native"
-version = "1.7.1"
-path = "../native/build/libs/grpc-native-1.7.1.jar"
+version = "1.7.2"
+path = "../native/build/libs/grpc-native-1.7.2-SNAPSHOT.jar"
 
 [[platform.java11.dependency]]
-path = "../test-utils/build/libs/grpc-test-utils-1.7.1.jar"
+path = "../test-utils/build/libs/grpc-test-utils-1.7.2-SNAPSHOT.jar"
 scope = "testOnly"
 
 [[platform.java11.dependency]]
@@ -102,15 +102,15 @@ path = "./lib/commons-pool-1.5.6.wso2v1.jar"
 
 [[platform.java11.dependency]]
 groupId = "org.bouncycastle"
-artifactId = "bcprov-jdk15on"
-version = "1.69"
-path = "./lib/bcprov-jdk15on-1.69.jar"
+artifactId = "bcprov-jdk18on"
+version = "1.74"
+path = "./lib/bcprov-jdk18on-1.74.jar"
 
 [[platform.java11.dependency]]
 groupId = "org.bouncycastle"
-artifactId = "bcpkix-jdk15on"
-version = "1.69"
-path = "./lib/bcpkix-jdk15on-1.69.jar"
+artifactId = "bcpkix-jdk18on"
+version = "1.74"
+path = "./lib/bcpkix-jdk18on-1.74.jar"
 
 [[platform.java11.dependency]]
 groupId = "io.netty"

diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml
@@ -3,4 +3,4 @@ id = "grpc-compiler-plugin"
 class = "io.ballerina.stdlib.grpc.plugin.GrpcCompilerPlugin"
 
 [[dependency]]
-path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.7.1.jar"
+path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.7.2-SNAPSHOT.jar"
diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml
@@ -71,7 +71,7 @@ dependencies = [
 [[package]]
 org = "ballerina"
 name = "grpc"
-version = "1.7.1"
+version = "1.7.2"
 dependencies = [
 	{org = "ballerina", name = "auth"},
 	{org = "ballerina", name = "crypto"},
@@ -320,7 +320,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "regex"
-version = "1.4.0"
+version = "1.4.3"
 dependencies = [
 	{org = "ballerina", name = "jballerina.java"},
 	{org = "ballerina", name = "lang.string"}

diff --git a/ballerina/build.gradle b/ballerina/build.gradle
@@ -111,10 +111,10 @@ dependencies {
     externalJars(group: 'commons-pool.wso2', name: 'commons-pool', version: "${wso2CommonsPoolVersion}") {
         transitive = false
     }
-    externalJars(group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: "${bouncycastleVersion}") {
+    externalJars(group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: "${bouncycastleVersion}") {
         transitive = false
     }
-    externalJars(group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: "${bouncycastleVersion}") {
+    externalJars(group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: "${bouncycastleVersion}") {
         transitive = false
     }
     externalJars(group: 'io.netty', name: 'netty-tcnative-classes', version: "${nettyTcnativeVersion}") {

diff --git a/build-config/resources/Ballerina.toml b/build-config/resources/Ballerina.toml
@@ -102,15 +102,15 @@ path = "./lib/commons-pool-@commons.pool.version@.jar"
 
 [[platform.java11.dependency]]
 groupId = "org.bouncycastle"
-artifactId = "bcprov-jdk15on"
+artifactId = "bcprov-jdk18on"
 version = "@bouncy.castle.version@"
-path = "./lib/bcprov-jdk15on-@bouncy.castle.version@.jar"
+path = "./lib/bcprov-jdk18on-@bouncy.castle.version@.jar"
 
 [[platform.java11.dependency]]
 groupId = "org.bouncycastle"
-artifactId = "bcpkix-jdk15on"
+artifactId = "bcpkix-jdk18on"
 version = "@bouncy.castle.version@"
-path = "./lib/bcpkix-jdk15on-@bouncy.castle.version@.jar"
+path = "./lib/bcpkix-jdk18on-@bouncy.castle.version@.jar"
 
 [[platform.java11.dependency]]
 groupId = "io.netty"

diff --git a/changelog.md b/changelog.md
@@ -6,9 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+- [Address CVE-2023-33201 netty Vulnerability](https://github.com/ballerina-platform/ballerina-standard-library/issues/4776)
+
+## [1.7.1] - 2023-06-30
 ### Fixed
 - [Address CVE-2023-34462 netty Vulnerability](https://github.com/ballerina-platform/ballerina-standard-library/issues/4602)
 
+## [1.6.1] - 2023-03-15
+### Fixed
+- [Fix SSL connection failure due to missing dependencies](https://github.com/ballerina-platform/ballerina-standard-library/issues/4197)
+
 ## [1.6.0] - 2023-02-20
 ### Added
 - [Exit the application when panicking inside a service](https://github.com/ballerina-platform/ballerina-standard-library/issues/3604)

diff --git a/gradle.properties b/gradle.properties
@@ -22,7 +22,7 @@ mockitoVersion=3.7.7
 jacocoVersion=0.8.8
 wso2OrbitAntlrVersion=4.5.1.wso2v1
 ballerinaGradlePluginVersion=1.0.0
-bouncycastleVersion=1.69
+bouncycastleVersion=1.74
 wso2CommonsPoolVersion=1.5.6.wso2v1
 
 #stdlib dependencies