Skip to content

Commit

Permalink
other(cve): Fix CVE-2024-7254 (#3408) (#3412)
Browse files Browse the repository at this point in the history
(cherry picked from commit 351c15c)

Co-authored-by: Jonathan <[email protected]>
  • Loading branch information
sbuettner and johnBgood authored Oct 1, 2024
1 parent cb6667b commit 26e0d1f
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 7 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# Snyk cache
.dccache

# Compiled class file
*.class

Expand Down
7 changes: 0 additions & 7 deletions bundle/camunda-saas-bundle/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,6 @@
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

<!-- Fix CVE-2024-7254 -->
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java-util</artifactId>
<version>3.25.5</version>
</dependency>

<dependency>
<groupId>io.camunda.connector</groupId>
<artifactId>connector-gcp-secret-provider</artifactId>
Expand Down
6 changes: 6 additions & 0 deletions connectors/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@ except in compliance with the proprietary license.</license.inlineheader>
</properties>

<dependencies>
<!-- Fix CVE-2024-7254 -->
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java-util</artifactId>
<version>3.25.5</version>
</dependency>
<dependency>
<groupId>io.camunda.connector</groupId>
<artifactId>connector-validation</artifactId>
Expand Down
6 changes: 6 additions & 0 deletions parent/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,12 @@ limitations under the License.</license.inlineheader>
<artifactId>protobuf-java</artifactId>
<version>3.25.5</version>
</dependency>
<!-- Fix CVE-2024-7254 -->
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java-util</artifactId>
<version>3.25.5</version>
</dependency>

<dependency>
<groupId>org.bouncycastle</groupId>
Expand Down

0 comments on commit 26e0d1f

Please sign in to comment.