From 6d95294d7ce8f4694861f305cb7f5cf55fa8b019 Mon Sep 17 00:00:00 2001 From: bhashinee Date: Fri, 13 Oct 2023 17:55:36 +0530 Subject: [PATCH 1/2] [Automated] Update the native jar versions --- ballerina/Ballerina.toml | 28 ++++++++++++++-------------- ballerina/CompilerPlugin.toml | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml index 286b4120c..1d0793cbf 100644 --- a/ballerina/Ballerina.toml +++ b/ballerina/Ballerina.toml @@ -1,7 +1,7 @@ [package] org = "ballerina" name = "websocket" -version = "2.4.0" +version = "2.4.1" authors = ["Ballerina"] keywords = ["ws", "network", "bi-directional", "streaming", "service", "client"] repository = "https://github.com/ballerina-platform/module-ballerina-websocket" @@ -12,14 +12,14 @@ distribution = "2201.2.0" [[platform.java11.dependency]] groupId = "io.ballerina.stdlib" artifactId = "websocket-native" -version = "2.4.0" -path = "../native/build/libs/websocket-native-2.4.0.jar" +version = "2.4.1" +path = "../native/build/libs/websocket-native-2.4.1-SNAPSHOT.jar" [[platform.java11.dependency]] groupId = "io.ballerina.stdlib" artifactId = "http-native" -version = "2.4.0" -path = "./lib/http-native-2.4.0.jar" +version = "2.6.2" +path = "./lib/http-native-2.6.2-20231013-151500-b205e1d.jar" [[platform.java11.dependency]] groupId = "io.ballerina.stdlib" 
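Review bot: The `http-native` entry in the `@@ -12,14 +12,14 @@` hunk now declares `version = "2.6.2"` while its `path` points at `http-native-2.6.2-20231013-151500-b205e1d.jar`, a timestamped build, so the declared version no longer identifies the artifact that is actually packaged. For a change that ships a security fix I would depend on a released http-native jar, or record the reason next to the entry, e.g. `# timestamped pre-release build of http-native; replace with the released jar before publishing`. `stdlibHttpVersion` in `gradle.properties` (patch 2/2) carries the same timestamped version. The move from 2.4.0 to 2.6.2 also happens while `distribution = "2201.2.0"` in the hunk header stays unchanged, so compatibility with that distribution should be confirmed. Because the commit is marked automated, this file may be regenerated, in which case the check probably belongs in the release pipeline rather than in a comment.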
@@ -34,29 +34,29 @@ version = "1.0.0" path = "./lib/constraint-native-1.0.0.jar" [[platform.java11.dependency]] -path = "./lib/netty-common-4.1.77.Final.jar" +path = "./lib/netty-common-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "./lib/netty-buffer-4.1.77.Final.jar" +path = "./lib/netty-buffer-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "./lib/netty-transport-4.1.77.Final.jar" +path = "./lib/netty-transport-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "./lib/netty-resolver-4.1.77.Final.jar" +path = "./lib/netty-resolver-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "./lib/netty-handler-4.1.77.Final.jar" +path = "./lib/netty-handler-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "./lib/netty-codec-http-4.1.77.Final.jar" +path = "./lib/netty-codec-http-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "./lib/netty-codec-4.1.77.Final.jar" +path = "./lib/netty-codec-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "./lib/netty-handler-proxy-4.1.77.Final.jar" +path = "./lib/netty-handler-proxy-4.1.100.Final.jar" [[platform.java11.dependency]] -path = "../test-utils/build/libs/websocket-test-utils-2.4.0.jar" +path = "../test-utils/build/libs/websocket-test-utils-2.4.1-SNAPSHOT.jar" scope = "testOnly" diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml index 8e2fed0d5..39fbfbc63 100644 --- a/ballerina/CompilerPlugin.toml +++ b/ballerina/CompilerPlugin.toml @@ -3,4 +3,4 @@ id = "websocket-compiler-plugin" class = "io.ballerina.stdlib.websocket.plugin.WebSocketCompilerPlugin" [[dependency]] -path = "../compiler-plugin/build/libs/websocket-compiler-plugin-2.4.0.jar" +path = "../compiler-plugin/build/libs/websocket-compiler-plugin-2.4.1-SNAPSHOT.jar" From 96d26987997f756b00018e8f84a249a9a8b7def4 Mon Sep 17 00:00:00 2001 
From: bhashinee Date: Fri, 13 Oct 2023 18:02:42 +0530 Subject: [PATCH 2/2] Update netty version --- changelog.md | 4 ++++ gradle.properties | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/changelog.md b/changelog.md index 097e48ee9..68a5d1d24 100644 --- a/changelog.md +++ b/changelog.md @@ -4,6 +4,10 @@ This file contains all the notable changes done to the Ballerina WebSocket packa The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Fixed +- [Address netty vulnerability: CVE-2023-4586](https://github.com/ballerina-platform/ballerina-standard-library/issues/4908) + +## [2.4.0] - 2022-06-30 ### Added - [Incorporate constraint validation](https://github.com/ballerina-platform/ballerina-standard-library/issues/3058) diff --git a/gradle.properties b/gradle.properties index 3ac562f9a..bd0ff10a4 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,9 +1,9 @@ org.gradle.caching=true group=io.ballerina.stdlib -version=2.4.0 +version=2.4.1-SNAPSHOT ballerinaLangVersion=2201.2.0 ballerinaTomlParserVersion=1.2.2 -nettyVersion=4.1.77.Final +nettyVersion=4.1.100.Final slf4jVersion=1.7.30 puppycrawlCheckstyleVersion=8.18 unirestVersion=1.4.9 @@ -12,7 +12,7 @@ ballerinaGradlePluginVersion=0.14.1 gsonVersion=2.8.8 stdlibIoVersion=1.3.0 -stdlibHttpVersion=2.4.0 +stdlibHttpVersion=2.6.2-20231013-151500-b205e1d stdlibRegexVersion=1.3.0 stdlibOsVersion=1.4.0 stdlibTimeVersion=2.2.2
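Review bot: Raising `nettyVersion` to `4.1.100.Final` in the `@@ -1,9 +1,9 @@` hunk may not by itself close CVE-2023-4586, the issue the changelog entry in this patch cites. As I understand that CVE, it concerns TLS host name verification not being enabled by default on the client side, which is decided where the `SSLEngine` is configured (possibly in http-native rather than this repository) and not by the jar version. It is worth confirming that the client sets an endpoint identification algorithm, for example `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")`, and adding a test that a certificate with a mismatched host name is rejected. The same version appears in the netty `path` entries of `ballerina/Ballerina.toml` in patch 1/2. If the upgrade is only meant to clear a scanner finding, the changelog entry should say so.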