diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml index 527b90d1b..44893754b 100644 --- a/ballerina/Ballerina.toml +++ b/ballerina/Ballerina.toml @@ -18,8 +18,8 @@ path = "../native/build/libs/websocket-native-2.5.1.jar" [[platform.java11.dependency]] groupId = "io.ballerina.stdlib" artifactId = "http-native" -version = "2.5.2" -path = "./lib/http-native-2.5.2.jar" +version = "2.5.4" +path = "./lib/http-native-2.5.4-20231013-152300-784fd78.jar" [[platform.java11.dependency]] groupId = "io.ballerina.stdlib" @@ -36,50 +36,50 @@ path = "./lib/constraint-native-1.0.1.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-common" -version = "4.1.86.Final" -path = "./lib/netty-common-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-common-4.1.100.Final.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-buffer" -version = "4.1.86.Final" -path = "./lib/netty-buffer-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-buffer-4.1.100.Final.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-transport" -version = "4.1.86.Final" -path = "./lib/netty-transport-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-transport-4.1.100.Final.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-resolver" -version = "4.1.86.Final" -path = "./lib/netty-resolver-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-resolver-4.1.100.Final.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-handler" -version = "4.1.86.Final" -path = "./lib/netty-handler-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-handler-4.1.100.Final.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-codec-http" -version = "4.1.86.Final" -path = "./lib/netty-codec-http-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-codec-http-4.1.100.Final.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-codec" -version = "4.1.86.Final" -path = "./lib/netty-codec-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-codec-4.1.100.Final.jar" [[platform.java11.dependency]] groupId = "io.netty" artifactId = "netty-handler-proxy" -version = "4.1.86.Final" -path = "./lib/netty-handler-proxy-4.1.86.Final.jar" +version = "4.1.100.Final" +path = "./lib/netty-handler-proxy-4.1.100.Final.jar" [[platform.java11.dependency]] path = "../test-utils/build/libs/websocket-test-utils-2.5.1.jar" diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml index b49cf6421..3e07c1692 100644 --- a/ballerina/Dependencies.toml +++ b/ballerina/Dependencies.toml @@ -36,7 +36,7 @@ dependencies = [ [[package]] org = "ballerina" name = "constraint" -version = "1.0.1" +version = "1.0.2" dependencies = [ {org = "ballerina", name = "jballerina.java"} ] @@ -47,7 +47,7 @@ modules = [ [[package]] org = "ballerina" name = "crypto" -version = "2.3.0" +version = "2.3.2" dependencies = [ {org = "ballerina", name = "jballerina.java"}, {org = "ballerina", name = "time"} @@ -69,7 +69,7 @@ dependencies = [ [[package]] org = "ballerina" name = "http" -version = "2.5.2" +version = "2.5.4" dependencies = [ {org = "ballerina", name = "auth"}, {org = "ballerina", name = "cache"}, @@ -222,7 +222,7 @@ modules = [ [[package]] org = "ballerina" name = "log" -version = "2.5.0" +version = "2.5.1" dependencies = [ {org = "ballerina", name = "io"}, {org = "ballerina", name = "jballerina.java"}, @@ -261,7 +261,7 @@ modules = [ [[package]] org = "ballerina" name = "observe" -version = "1.0.5" +version = "1.0.6" dependencies = [ {org = "ballerina", name = "jballerina.java"} ] @@ -278,7 +278,7 @@ dependencies = [ [[package]] org = "ballerina" name = "regex" -version = "1.3.1" +version = "1.3.2" dependencies = [ {org = "ballerina", name = "jballerina.java"}, {org = "ballerina", name = "lang.string"} @@ -290,7 +290,7 @@ modules = [ [[package]] org = "ballerina" name = "task" -version = "2.3.0" +version = "2.3.2" dependencies = [ {org = "ballerina", name = "jballerina.java"}, {org = "ballerina", name = "time"} @@ -311,7 +311,7 @@ modules = [ [[package]] org = "ballerina" name = "time" -version = "2.2.3" +version = "2.2.5" dependencies = [ {org = "ballerina", name = "jballerina.java"} ] @@ -322,7 +322,7 @@ modules = [ [[package]] org = "ballerina" name = "url" -version = "2.2.3" +version = "2.2.4" dependencies = [ {org = "ballerina", name = "jballerina.java"} ] diff --git a/changelog.md b/changelog.md index eee70c381..fc032a23a 100644 --- a/changelog.md +++ b/changelog.md @@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] +### Fixed +- [Address netty vulnerability: CVE-2023-4586](https://github.com/ballerina-platform/ballerina-standard-library/issues/4908) + +## [2.5.0] - 2022-11-22 + ### Added - [Support returning streams from WebSocket services](https://github.com/ballerina-platform/ballerina-standard-library/issues/2909) diff --git a/gradle.properties b/gradle.properties index f7d9a1191..b1581d7d1 100644 --- a/gradle.properties +++ b/gradle.properties @@ -3,7 +3,7 @@ group=io.ballerina.stdlib version=2.5.1 ballerinaLangVersion=2201.3.0 ballerinaTomlParserVersion=1.2.2 -nettyVersion=4.1.86.Final +nettyVersion=4.1.100.Final slf4jVersion=1.7.30 puppycrawlCheckstyleVersion=8.18 unirestVersion=1.4.9 @@ -12,7 +12,7 @@ ballerinaGradlePluginVersion=1.0.0 gsonVersion=2.8.8 stdlibIoVersion=1.3.1 -stdlibHttpVersion=2.5.2 +stdlibHttpVersion=2.5.4 stdlibRegexVersion=1.3.1 stdlibOsVersion=1.5.0 stdlibTimeVersion=2.2.3