diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml index 76f1f35e5..f14da21c3 100644 --- a/ballerina/Ballerina.toml +++ b/ballerina/Ballerina.toml @@ -1,7 +1,7 @@ [package] org = "ballerina" name = "grpc" -version = "1.10.7" +version = "1.10.8" distribution = "2201.8.0" authors = ["Ballerina"] keywords = ["network", "grpc", "protobuf", "server-streaming", "client-streaming", "bidirectional-streaming"] @@ -16,11 +16,11 @@ graalvmCompatible = true [[platform.java17.dependency]] groupId = "io.ballerina.stdlib" artifactId = "grpc-native" -version = "1.10.7" -path = "../native/build/libs/grpc-native-1.10.7.jar" +version = "1.10.8" +path = "../native/build/libs/grpc-native-1.10.8-SNAPSHOT.jar" [[platform.java17.dependency]] -path = "../test-utils/build/libs/grpc-test-utils-1.10.7.jar" +path = "../test-utils/build/libs/grpc-test-utils-1.10.8-SNAPSHOT.jar" scope = "testOnly" [[platform.java17.dependency]] @@ -34,68 +34,68 @@ scope = "testOnly" [[platform.java17.dependency]] groupId = "io.ballerina.stdlib" artifactId = "http-native" -version = "2.10.12" -path = "./lib/http-native-2.10.12.jar" +version = "2.10.14" +path = "./lib/http-native-2.10.14.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-common" -version = "4.1.100.Final" -path = "./lib/netty-common-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-common-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-buffer" -version = "4.1.100.Final" -path = "./lib/netty-buffer-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-buffer-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-transport" -version = "4.1.100.Final" -path = "./lib/netty-transport-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-transport-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-resolver" -version = "4.1.100.Final" -path = "./lib/netty-resolver-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-resolver-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-handler" -version = "4.1.100.Final" -path = "./lib/netty-handler-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-handler-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec-http" -version = "4.1.100.Final" -path = "./lib/netty-codec-http-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-codec-http-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec" -version = "4.1.100.Final" -path = "./lib/netty-codec-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-codec-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-handler-proxy" -version = "4.1.100.Final" -path = "./lib/netty-handler-proxy-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-handler-proxy-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec-http2" -version = "4.1.100.Final" -path = "./lib/netty-codec-http2-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-codec-http2-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-transport-native-unix-common" -version = "4.1.100.Final" -path = "./lib/netty-transport-native-unix-common-4.1.100.Final.jar" +version = "4.1.108.Final" +path = "./lib/netty-transport-native-unix-common-4.1.108.Final.jar" [[platform.java17.dependency]] groupId = "commons.pool.wso2" @@ -106,41 +106,41 @@ path = "./lib/commons-pool-1.5.6.wso2v1.jar" [[platform.java17.dependency]] groupId = "org.bouncycastle" artifactId = "bcprov-jdk18on" -version = "1.74" -path = "./lib/bcprov-jdk18on-1.74.jar" +version = "1.78" +path = "./lib/bcprov-jdk18on-1.78.jar" [[platform.java17.dependency]] groupId = "org.bouncycastle" artifactId = "bcpkix-jdk18on" -version = "1.74" -path = "./lib/bcpkix-jdk18on-1.74.jar" +version = "1.78" +path = "./lib/bcpkix-jdk18on-1.78.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-tcnative-classes" -version = "2.0.62.Final" -path = "./lib/netty-tcnative-classes-2.0.62.Final.jar" +version = "2.0.65.Final" +path = "./lib/netty-tcnative-classes-2.0.65.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-tcnative-boringssl-static" -version = "2.0.62.Final" -path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final.jar" +version = "2.0.65.Final" +path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final.jar" [[platform.java17.dependency]] -path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-windows-x86_64.jar" +path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-windows-x86_64.jar" [[platform.java17.dependency]] -path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-linux-aarch_64.jar" +path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-linux-aarch_64.jar" [[platform.java17.dependency]] -path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-linux-x86_64.jar" +path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-linux-x86_64.jar" [[platform.java17.dependency]] -path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-osx-aarch_64.jar" +path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-osx-aarch_64.jar" [[platform.java17.dependency]] -path = "./lib/netty-tcnative-boringssl-static-2.0.62.Final-osx-x86_64.jar" +path = "./lib/netty-tcnative-boringssl-static-2.0.65.Final-osx-x86_64.jar" [[platform.java17.dependency]] groupId = "com.google.protobuf" diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml index 8acb8281c..3951a527d 100644 --- a/ballerina/CompilerPlugin.toml +++ b/ballerina/CompilerPlugin.toml @@ -3,4 +3,4 @@ id = "grpc-compiler-plugin" class = "io.ballerina.stdlib.grpc.plugin.GrpcCompilerPlugin" [[dependency]] -path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.10.7.jar" +path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.10.8-SNAPSHOT.jar" diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml index 8d4f5cff5..ced7e903e 100644 --- a/ballerina/Dependencies.toml +++ b/ballerina/Dependencies.toml @@ -68,7 +68,7 @@ dependencies = [ [[package]] org = "ballerina" name = "grpc" -version = "1.10.7" +version = "1.10.8" dependencies = [ {org = "ballerina", name = "auth"}, {org = "ballerina", name = "crypto"}, @@ -94,7 +94,7 @@ modules = [ [[package]] org = "ballerina" name = "http" -version = "2.10.12" +version = "2.10.14" scope = "testOnly" dependencies = [ {org = "ballerina", name = "auth"}, @@ -289,7 +289,7 @@ modules = [ [[package]] org = "ballerina" name = "observe" -version = "1.2.2" +version = "1.2.3" dependencies = [ {org = "ballerina", name = "jballerina.java"} ] diff --git a/changelog.md b/changelog.md index d104fb168..65d3353e4 100644 --- a/changelog.md +++ b/changelog.md @@ -5,6 +5,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased +### Fixed +- [Address netty vulnerability: CVE-2024-29025](https://github.com/ballerina-platform/ballerina-library/issues/6242) +- [Address bouncy castle vulnerability: CVE-2024-29857](https://github.com/ballerina-platform/ballerina-library/issues/6635) + +## [1.10.7] - 2024-04-16 +### Fixed +- [Fix client headers getting forwarded back to the client](https://github.com/ballerina-platform/ballerina-library/issues/6334) + +## [1.10.6] - 2024-02-01 ### Added - [Added `maxHeaderSize` in `grpc:ListenerConfiguration`](https://github.com/ballerina-platform/ballerina-library/issues/5969) diff --git a/gradle.properties b/gradle.properties index ba403eded..02f4c9c72 100644 --- a/gradle.properties +++ b/gradle.properties @@ -10,8 +10,8 @@ slf4jVersion=1.7.30 protoGoogleCommonsVersion=1.17.0 protobufJavaVersion=3.20.3 jknackHandlebarsVersion=4.0.6 -nettyVersion=4.1.100.Final -nettyTcnativeVersion=2.0.62.Final +nettyVersion=4.1.108.Final +nettyTcnativeVersion=2.0.65.Final picocliVersion=4.0.1 githubSpotbugsVersion=5.0.14 githubJohnrengelmanShadowVersion=8.1.1 @@ -22,7 +22,7 @@ mockitoVersion=5.3.1 jacocoVersion=0.8.10 wso2OrbitAntlrVersion=4.5.1.wso2v1 ballerinaGradlePluginVersion=2.0.1 -bouncycastleVersion=1.74 +bouncycastleVersion=1.78 wso2CommonsPoolVersion=1.5.6.wso2v1 #stdlib dependencies @@ -47,7 +47,7 @@ stdlibAuthVersion=2.10.0 stdlibJwtVersion=2.10.0 stdlibOAuth2Version=2.10.0 -stdlibHttpVersion=2.10.12 +stdlibHttpVersion=2.10.14 # Ballerinax Observer observeVersion=1.2.0