From 6e0ef34a84d851a32905e9e4b05d9d762f93e994 Mon Sep 17 00:00:00 2001 From: Julian Ladisch Date: Tue, 19 Nov 2024 18:04:03 +0100 Subject: [PATCH] MSEARCH-889: opensearch 2.18.0 fixing protobuf-java vuln (CVE-2024-7254) Upgrade opensearch from 2.17.1 to 2.18.0. This indirectly upgrades protobuf-java from 3.22.3 to 3.25.5 fixing infinite recursion stack overflow. * https://www.cve.org/CVERecord?id=CVE-2024-7254 --- NEWS.md | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS.md b/NEWS.md index 01d7cafeb..b2a010a84 100644 --- a/NEWS.md +++ b/NEWS.md @@ -17,7 +17,7 @@ * Description ([ISSUE](https://folio-org.atlassian.net/browse/ISSUE)) ### Dependencies -* Bump `LIB_NAME` from `OLD_VERSION` to `NEW_VERSION` +* Bump `opensearch` from `2.17.1` to `2.18.0` fixing protobuf-java CVE-2024-7254 ([MSEARCH-889](https://folio-org.atlassian.net/browse/MSEARCH-889)) * Add `LIB_NAME VERSION` * Remove `LIB_NAME` diff --git a/pom.xml b/pom.xml index 67cae19ad..e9c7adc20 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ 4.2.0-SNAPSHOT 1.7.0-SNAPSHOT 35.3.0 - 2.17.1 + 2.18.0 1.6.2 2.17.0 4.4
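Review bot: in the NEWS.md hunk, the new Dependencies entry names CVE-2024-7254 but omits the protobuf-java versions, which appear only in the commit message (3.22.3 to 3.25.5). Anyone matching a dependency-scanner finding against the changelog searches for the affected library's version, not the opensearch version, so consider extending the entry with "upgrading transitive protobuf-java from 3.22.3 to 3.25.5". The entry also overwrites the `Bump LIB_NAME` template line while the `Add` and `Remove` placeholder lines remain; if the template is meant to stay until release, add the entry next to it instead of replacing it.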
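Review bot: in the pom.xml hunk, the only change is the version value 2.17.1 to 2.18.0, so the protobuf-java fix described in the commit message depends entirely on transitive resolution, and nothing in this change keeps protobuf-java at 3.25.5 or later. Confirm the version that actually resolves with `mvn dependency:tree -Dincludes=com.google.protobuf:protobuf-java`, and consider managing protobuf-java explicitly (a dependencyManagement entry or an enforcer rule with a minimum version) so that a later dependency change cannot silently bring back an affected release.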