diff --git a/.github/workflows/build-timestamped-master.yml b/.github/workflows/build-timestamped-master.yml index 5402145f2..04c7f5bfd 100644 --- a/.github/workflows/build-timestamped-master.yml +++ b/.github/workflows/build-timestamped-master.yml @@ -14,5 +14,5 @@ jobs: call_workflow: name: Run Build Workflow if: ${{ github.repository_owner == 'ballerina-platform' }} - uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@2201.10.x secrets: inherit diff --git a/.github/workflows/build-with-bal-test-graalvm.yml b/.github/workflows/build-with-bal-test-graalvm.yml index 313df8f04..051357db8 100644 --- a/.github/workflows/build-with-bal-test-graalvm.yml +++ b/.github/workflows/build-with-bal-test-graalvm.yml @@ -20,6 +20,7 @@ on: pull_request: branches: - master + - 2201.9.x types: [opened, synchronize, reopened, labeled, unlabeled] concurrency: @@ -30,7 +31,7 @@ jobs: call_stdlib_workflow: name: Run StdLib Workflow if: ${{ github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository_owner == 'ballerina-platform') }} - uses: ballerina-platform/ballerina-library/.github/workflows/build-with-bal-test-graalvm-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/build-with-bal-test-graalvm-template.yml@2201.10.x with: lang_tag: ${{ inputs.lang_tag }} lang_version: ${{ inputs.lang_version }} diff --git a/.github/workflows/central-publish.yml b/.github/workflows/central-publish.yml index 2634fd680..b7d5faca0 100644 --- a/.github/workflows/central-publish.yml +++ b/.github/workflows/central-publish.yml @@ -16,7 +16,7 @@ jobs: call_workflow: name: Run Central Publish Workflow if: ${{ github.repository_owner == 'ballerina-platform' }} - uses: ballerina-platform/ballerina-library/.github/workflows/central-publish-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/central-publish-template.yml@2201.10.x secrets: inherit with: environment: ${{ github.event.inputs.environment }} diff --git a/.github/workflows/process-load-test-result.yml b/.github/workflows/process-load-test-result.yml index 6aa142c97..f82e2e181 100644 --- a/.github/workflows/process-load-test-result.yml +++ b/.github/workflows/process-load-test-result.yml @@ -6,7 +6,7 @@ on: jobs: call_stdlib_process_load_test_results_workflow: name: Run StdLib Process Load Test Results Workflow - uses: ballerina-platform/ballerina-library/.github/workflows/process-load-test-results-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/process-load-test-results-template.yml@2201.10.x with: results: ${{ toJson(github.event.client_payload.results) }} secrets: diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 2b681aef8..9d4f75760 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -9,7 +9,7 @@ jobs: call_workflow: name: Run Release Workflow if: ${{ github.repository_owner == 'ballerina-platform' }} - uses: ballerina-platform/ballerina-library/.github/workflows/release-package-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/release-package-template.yml@2201.10.x secrets: inherit with: package-name: grpc diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index ecfa72cec..936284e61 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -10,5 +10,5 @@ jobs: call_workflow: name: Run PR Build Workflow if: ${{ github.repository_owner == 'ballerina-platform' }} - uses: ballerina-platform/ballerina-library/.github/workflows/pull-request-build-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/pull-request-build-template.yml@2201.10.x secrets: inherit diff --git a/.github/workflows/trigger-load-tests.yml b/.github/workflows/trigger-load-tests.yml index 10b4e563c..ad460932c 100644 --- a/.github/workflows/trigger-load-tests.yml +++ b/.github/workflows/trigger-load-tests.yml @@ -22,7 +22,7 @@ jobs: call_stdlib_trigger_load_test_workflow: name: Run StdLib Load Test Workflow if: ${{ github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository_owner == 'ballerina-platform') }} - uses: ballerina-platform/ballerina-library/.github/workflows/trigger-load-tests-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/trigger-load-tests-template.yml@2201.10.x with: repo_name: 'module-ballerina-grpc' runtime_artifacts_url: 'https://api.github.com/repos/ballerina-platform/module-ballerina-grpc/actions/artifacts' diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml index c02c8ff42..c29d8f2a6 100644 --- a/.github/workflows/trivy-scan.yml +++ b/.github/workflows/trivy-scan.yml @@ -9,5 +9,5 @@ jobs: call_workflow: name: Run Trivy Scan Workflow if: ${{ github.repository_owner == 'ballerina-platform' }} - uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@main + uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@2201.10.x secrets: inherit diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml index cb5b01513..8830d00d4 100644 --- a/ballerina/Ballerina.toml +++ b/ballerina/Ballerina.toml @@ -1,7 +1,7 @@ [package] org = "ballerina" name = "grpc" -version = "1.11.2" +version = "1.11.3" distribution = "2201.9.0" authors = ["Ballerina"] keywords = ["network", "grpc", "protobuf", "server-streaming", "client-streaming", "bidirectional-streaming"] @@ -16,11 +16,11 @@ graalvmCompatible = true [[platform.java17.dependency]] groupId = "io.ballerina.stdlib" artifactId = "grpc-native" -version = "1.11.2" -path = "../native/build/libs/grpc-native-1.11.2.jar" +version = "1.11.3" +path = "../native/build/libs/grpc-native-1.11.3-SNAPSHOT.jar" [[platform.java17.dependency]] -path = "../test-utils/build/libs/grpc-test-utils-1.11.2.jar" +path = "../test-utils/build/libs/grpc-test-utils-1.11.3-SNAPSHOT.jar" scope = "testOnly" [[platform.java17.dependency]] @@ -40,62 +40,62 @@ path = "./lib/http-native-2.11.0.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-common" -version = "4.1.108.Final" -path = "./lib/netty-common-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-common-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-buffer" -version = "4.1.108.Final" -path = "./lib/netty-buffer-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-buffer-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-transport" -version = "4.1.108.Final" -path = "./lib/netty-transport-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-transport-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-resolver" -version = "4.1.108.Final" -path = "./lib/netty-resolver-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-resolver-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-handler" -version = "4.1.108.Final" -path = "./lib/netty-handler-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-handler-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec-http" -version = "4.1.108.Final" -path = "./lib/netty-codec-http-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-codec-http-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec" -version = "4.1.108.Final" -path = "./lib/netty-codec-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-codec-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-handler-proxy" -version = "4.1.108.Final" -path = "./lib/netty-handler-proxy-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-handler-proxy-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec-http2" -version = "4.1.108.Final" -path = "./lib/netty-codec-http2-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-codec-http2-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-transport-native-unix-common" -version = "4.1.108.Final" -path = "./lib/netty-transport-native-unix-common-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-transport-native-unix-common-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "commons.pool.wso2" diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml index 233db0448..12c9ed384 100644 --- a/ballerina/CompilerPlugin.toml +++ b/ballerina/CompilerPlugin.toml @@ -3,4 +3,4 @@ id = "grpc-compiler-plugin" class = "io.ballerina.stdlib.grpc.plugin.GrpcCompilerPlugin" [[dependency]] -path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.11.2.jar" +path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.11.3-SNAPSHOT.jar" diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml index 07ad50377..bfc67ccbb 100644 --- a/ballerina/Dependencies.toml +++ b/ballerina/Dependencies.toml @@ -68,7 +68,7 @@ dependencies = [ [[package]] org = "ballerina" name = "grpc" -version = "1.11.2" +version = "1.11.3" dependencies = [ {org = "ballerina", name = "auth"}, {org = "ballerina", name = "crypto"}, @@ -94,7 +94,7 @@ modules = [ [[package]] org = "ballerina" name = "http" -version = "2.11.0" +version = "2.11.3" scope = "testOnly" dependencies = [ {org = "ballerina", name = "auth"}, diff --git a/changelog.md b/changelog.md index 46f9d9172..4eea0d832 100644 --- a/changelog.md +++ b/changelog.md @@ -4,6 +4,12 @@ This file contains all the notable changes done to the Ballerina gRPC package th The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [Unreleased] + +### Fixed + +- [Address CVE-2024-47535 vulnerability](https://github.com/ballerina-platform/ballerina-library/issues/7358) + ## [1.11.2] - 2024-09-26 ### Fixed diff --git a/gradle.properties b/gradle.properties index bbbdfd18a..3dfb68872 100644 --- a/gradle.properties +++ b/gradle.properties @@ -10,7 +10,7 @@ slf4jVersion=1.7.30 protoGoogleCommonsVersion=1.17.0 protobufJavaVersion=3.25.5 jknackHandlebarsVersion=4.0.6 -nettyVersion=4.1.108.Final +nettyVersion=4.1.115.Final nettyTcnativeVersion=2.0.65.Final picocliVersion=4.0.1 githubSpotbugsVersion=5.0.14