You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by wu...@apache.org on 2022/10/17 16:08:57 UTC

[skywalking-java] branch main updated: Bump up grpc to 1.50.0 to fix CVE-2022-3171 (#350)

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-java.git


The following commit(s) were added to refs/heads/main by this push:
     new 54e3542406 Bump up grpc to 1.50.0 to fix CVE-2022-3171 (#350)
54e3542406 is described below

commit 54e35424060d5c812120d6b89f05fbf5f3fb164e
Author: alan <25...@qq.com>
AuthorDate: Tue Oct 18 00:08:51 2022 +0800

    Bump up grpc to 1.50.0 to fix CVE-2022-3171 (#350)
---
 CHANGES.md            | 1 +
 dist-material/LICENSE | 2 +-
 pom.xml               | 6 +++---
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index ed96930f77..20e3582841 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -14,6 +14,7 @@ Release Notes.
 * Fix `Apache ShenYu` plugin traceId empty string value. 
 * Add plugin to support [brpc-java-3.x](https://github.com/baidu/starlight/tree/brpc-java-v3)
 * Update `compose-start-script.template` to make compatible with new version docker compose
+* Bump up grpc to 1.50.0 to fix CVE-2022-3171
 
 #### Documentation
 
diff --git a/dist-material/LICENSE b/dist-material/LICENSE
index f84d20b7d7..c90e8e6c3f 100755
--- a/dist-material/LICENSE
+++ b/dist-material/LICENSE
@@ -216,7 +216,7 @@ The following components are provided under the Apache License. See project link
 The text of each license is the standard Apache 2.0 license.
 
     raphw (byte-buddy) 1.12.13: http://bytebuddy.net/ , Apache 2.0
-    Google: grpc-java 1.44.0: https://github.com/grpc/grpc-java, Apache 2.0
+    Google: grpc-java 1.50.0: https://github.com/grpc/grpc-java, Apache 2.0
     Google: gson 2.8.9: https://github.com/google/gson , Apache 2.0
     Google: proto-google-common-protos 2.0.1: https://github.com/googleapis/googleapis , Apache 2.0
     Google: jsr305 3.0.2: http://central.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.0/jsr305-3.0.0.pom , Apache 2.0
diff --git a/pom.xml b/pom.xml
index 942c1650ed..6ff98534f7 100755
--- a/pom.xml
+++ b/pom.xml
@@ -87,13 +87,13 @@
 
         <!-- core lib dependency -->
         <bytebuddy.version>1.12.13</bytebuddy.version>
-        <grpc.version>1.44.0</grpc.version>
+        <grpc.version>1.50.0</grpc.version>
         <netty.version>4.1.79.Final</netty.version>
         <gson.version>2.8.9</gson.version>
         <os-maven-plugin.version>1.6.2</os-maven-plugin.version>
         <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
-        <com.google.protobuf.protoc.version>3.17.3</com.google.protobuf.protoc.version>
-        <protoc-gen-grpc-java.plugin.version>1.44.0</protoc-gen-grpc-java.plugin.version>
+        <com.google.protobuf.protoc.version>3.21.7</com.google.protobuf.protoc.version>
+        <protoc-gen-grpc-java.plugin.version>1.50.0</protoc-gen-grpc-java.plugin.version>
         <netty-tcnative-boringssl-static.version>2.0.48.Final</netty-tcnative-boringssl-static.version>
         <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
         <objenesis.version>3.1</objenesis.version>