other(cve): Fix CVE-2024-7254 (#3408) (#3410)

(cherry picked from commit 351c15c) Co-authored-by: Jonathan <[email protected]>
camunda · Oct 1, 2024 · 6cb426c · 6cb426c
1 parent e597934
commit 6cb426c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
+# Snyk cache
+.dccache
+
 # Compiled class file
 *.class
 

diff --git a/connectors/pom.xml b/connectors/pom.xml
@@ -38,6 +38,12 @@ except in compliance with the proprietary license.</license.inlineheader>
   </properties>
 
   <dependencies>
+    <!-- Fix CVE-2024-7254 -->
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java-util</artifactId>
+      <version>3.25.5</version>
+    </dependency>
     <dependency>
       <groupId>io.camunda.connector</groupId>
       <artifactId>connector-validation</artifactId>

diff --git a/parent/pom.xml b/parent/pom.xml
@@ -451,6 +451,12 @@ limitations under the License.</license.inlineheader>
         <artifactId>protobuf-java</artifactId>
         <version>3.25.5</version>
       </dependency>
+      <!-- Fix CVE-2024-7254 -->
+      <dependency>
+        <groupId>com.google.protobuf</groupId>
+        <artifactId>protobuf-java-util</artifactId>
+        <version>3.25.5</version>
+      </dependency>
 
       <dependency>
         <groupId>org.bouncycastle</groupId>