From 0ac6074ac305308a62780c04376c451ef1036f85 Mon Sep 17 00:00:00 2001 From: dilanSachi Date: Thu, 7 Sep 2023 14:01:11 +0530 Subject: [PATCH 1/3] [Automated] Update the native jar versions --- ballerina/Ballerina.toml | 20 ++++++++++---------- ballerina/CompilerPlugin.toml | 2 +- ballerina/Dependencies.toml | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml index 1a8f97d6e..d50b3910c 100644 --- a/ballerina/Ballerina.toml +++ b/ballerina/Ballerina.toml @@ -1,7 +1,7 @@ [package] org = "ballerina" name = "grpc" -version = "1.7.1" +version = "1.7.2" distribution = "2201.5.0" authors = ["Ballerina"] keywords = ["network", "grpc", "protobuf", "server-streaming", "client-streaming", "bidirectional-streaming"] @@ -13,11 +13,11 @@ export = ["grpc", "grpc.types.duration", "grpc.types.struct", "grpc.types.timest [[platform.java11.dependency]] groupId = "io.ballerina.stdlib" artifactId = "grpc-native" -version = "1.7.1" -path = "../native/build/libs/grpc-native-1.7.1.jar" +version = "1.7.2" +path = "../native/build/libs/grpc-native-1.7.2-SNAPSHOT.jar" [[platform.java11.dependency]] -path = "../test-utils/build/libs/grpc-test-utils-1.7.1.jar" +path = "../test-utils/build/libs/grpc-test-utils-1.7.2-SNAPSHOT.jar" scope = "testOnly" [[platform.java11.dependency]] @@ -102,15 +102,15 @@ path = "./lib/commons-pool-1.5.6.wso2v1.jar" [[platform.java11.dependency]] groupId = "org.bouncycastle" -artifactId = "bcprov-jdk15on" -version = "1.69" -path = "./lib/bcprov-jdk15on-1.69.jar" +artifactId = "bcprov-jdk18on" +version = "1.74" +path = "./lib/bcprov-jdk18on-1.74.jar" [[platform.java11.dependency]] groupId = "org.bouncycastle" -artifactId = "bcpkix-jdk15on" -version = "1.69" -path = "./lib/bcpkix-jdk15on-1.69.jar" +artifactId = "bcpkix-jdk18on" +version = "1.74" +path = "./lib/bcpkix-jdk18on-1.74.jar" [[platform.java11.dependency]] groupId = "io.netty" diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml index 4d8047830..d54bbf4ef 100644 --- a/ballerina/CompilerPlugin.toml +++ b/ballerina/CompilerPlugin.toml @@ -3,4 +3,4 @@ id = "grpc-compiler-plugin" class = "io.ballerina.stdlib.grpc.plugin.GrpcCompilerPlugin" [[dependency]] -path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.7.1.jar" +path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.7.2-SNAPSHOT.jar" diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml index 54830a507..2bb98a9e2 100644 --- a/ballerina/Dependencies.toml +++ b/ballerina/Dependencies.toml @@ -71,7 +71,7 @@ dependencies = [ [[package]] org = "ballerina" name = "grpc" -version = "1.7.1" +version = "1.7.2" dependencies = [ {org = "ballerina", name = "auth"}, {org = "ballerina", name = "crypto"}, @@ -320,7 +320,7 @@ modules = [ [[package]] org = "ballerina" name = "regex" -version = "1.4.0" +version = "1.4.3" dependencies = [ {org = "ballerina", name = "jballerina.java"}, {org = "ballerina", name = "lang.string"} From 11a6830ab3583c818adb998f7b00e7588de94eed Mon Sep 17 00:00:00 2001 From: dilanSachi Date: Thu, 7 Sep 2023 14:01:56 +0530 Subject: [PATCH 2/3] Update changelog.md --- changelog.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/changelog.md b/changelog.md index 448e95e3e..81382dbb6 100644 --- a/changelog.md +++ b/changelog.md @@ -6,9 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed +- [Address CVE-2023-33201 netty Vulnerability](https://github.com/ballerina-platform/ballerina-standard-library/issues/4776) + +## [1.7.1] - 2023-06-30 ### Fixed - [Address CVE-2023-34462 netty Vulnerability](https://github.com/ballerina-platform/ballerina-standard-library/issues/4602) +## [1.6.1] - 2023-03-15 +### Fixed +- [Fix SSL connection failure due to missing dependencies](https://github.com/ballerina-platform/ballerina-standard-library/issues/4197) + ## [1.6.0] - 2023-02-20 ### Added - [Exit the application when panicking inside a service](https://github.com/ballerina-platform/ballerina-standard-library/issues/3604) From 815e4a3be914ac0076e2d64889613c80bb1f599a Mon Sep 17 00:00:00 2001 From: dilanSachi Date: Thu, 7 Sep 2023 14:02:03 +0530 Subject: [PATCH 3/3] Bump bouncycastle --- ballerina/build.gradle | 4 ++-- build-config/resources/Ballerina.toml | 8 ++++---- gradle.properties | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ballerina/build.gradle b/ballerina/build.gradle index 5dfd2415e..076dc7117 100644 --- a/ballerina/build.gradle +++ b/ballerina/build.gradle @@ -111,10 +111,10 @@ dependencies { externalJars(group: 'commons-pool.wso2', name: 'commons-pool', version: "${wso2CommonsPoolVersion}") { transitive = false } - externalJars(group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: "${bouncycastleVersion}") { + externalJars(group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: "${bouncycastleVersion}") { transitive = false } - externalJars(group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: "${bouncycastleVersion}") { + externalJars(group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version: "${bouncycastleVersion}") { transitive = false } externalJars(group: 'io.netty', name: 'netty-tcnative-classes', version: "${nettyTcnativeVersion}") { diff --git a/build-config/resources/Ballerina.toml b/build-config/resources/Ballerina.toml index 7cc9ad6be..303b32b39 100644 --- a/build-config/resources/Ballerina.toml +++ b/build-config/resources/Ballerina.toml @@ -102,15 +102,15 @@ path = "./lib/commons-pool-@commons.pool.version@.jar" [[platform.java11.dependency]] groupId = "org.bouncycastle" -artifactId = "bcprov-jdk15on" +artifactId = "bcprov-jdk18on" version = "@bouncy.castle.version@" -path = "./lib/bcprov-jdk15on-@bouncy.castle.version@.jar" +path = "./lib/bcprov-jdk18on-@bouncy.castle.version@.jar" [[platform.java11.dependency]] groupId = "org.bouncycastle" -artifactId = "bcpkix-jdk15on" +artifactId = "bcpkix-jdk18on" version = "@bouncy.castle.version@" -path = "./lib/bcpkix-jdk15on-@bouncy.castle.version@.jar" +path = "./lib/bcpkix-jdk18on-@bouncy.castle.version@.jar" [[platform.java11.dependency]] groupId = "io.netty" diff --git a/gradle.properties b/gradle.properties index 7519d0d81..5164d753d 100644 --- a/gradle.properties +++ b/gradle.properties @@ -22,7 +22,7 @@ mockitoVersion=3.7.7 jacocoVersion=0.8.8 wso2OrbitAntlrVersion=4.5.1.wso2v1 ballerinaGradlePluginVersion=1.0.0 -bouncycastleVersion=1.69 +bouncycastleVersion=1.74 wso2CommonsPoolVersion=1.5.6.wso2v1 #stdlib dependencies