MSEARCH-889: opensearch 2.18.0 fixing protobuf-java vuln (CVE-2024-7254)
Upgrade opensearch from 2.17.1 to 2.18.0.

This indirectly upgrades protobuf-java from 3.22.3 to 3.25.5 fixing infinite recursion stack overflow.

* https://www.cve.org/CVERecord?id=CVE-2024-7254
julianladisch committed Nov 19, 2024
1 parent 7473f32 commit 6e0ef34
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion NEWS.md
Expand Up @@ -17,7 +17,7 @@
* Description ([ISSUE](https://folio-org.atlassian.net/browse/ISSUE))

### Dependencies
* Bump `LIB_NAME` from `OLD_VERSION` to `NEW_VERSION`
* Bump `opensearch` from `2.17.1` to `2.18.0` fixing protobuf-java CVE-2024-7254 ([MSEARCH-889](https://folio-org.atlassian.net/browse/MSEARCH-889))
* Add `LIB_NAME VERSION`
* Remove `LIB_NAME`
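
Review bot: the new `opensearch` entry under Dependencies names CVE-2024-7254 but not the protobuf-java versions involved, so a reader of NEWS.md cannot tell which transitive version carries the fix. The commit message already states them (3.22.3 to 3.25.5); consider putting them in the entry as well, for example "fixing protobuf-java CVE-2024-7254 (protobuf-java `3.22.3` to `3.25.5`)".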

2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -38,7 +38,7 @@
<folio-service-tools.version>4.2.0-SNAPSHOT</folio-service-tools.version>
<folio-isbn-utils.version>1.7.0-SNAPSHOT</folio-isbn-utils.version>
<folio-cql2pgjson.version>35.3.0</folio-cql2pgjson.version>
<opensearch.version>2.17.1</opensearch.version>
<opensearch.version>2.18.0</opensearch.version>
<mapstruct.version>1.6.2</mapstruct.version>
<apache-commons-io.version>2.17.0</apache-commons-io.version>
<apache-commons-collections.version>4.4</apache-commons-collections.version>
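
Review bot: the `<opensearch.version>` change to `2.18.0` fixes the CVE only through the transitive protobuf-java version, and nothing in this hunk pins or checks that version. Confirm the resolved version with `mvn dependency:tree -Dincludes=com.google.protobuf:protobuf-java`, and consider a `dependencyManagement` entry or a maven-enforcer rule that sets a floor of 3.25.5, so a later dependency change cannot resolve protobuf-java back to a vulnerable release.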