From dea472204535598b82ba0e1251675d10ae681aaf Mon Sep 17 00:00:00 2001 From: Stephan Krusche Date: Sat, 5 Oct 2024 14:52:40 +0200 Subject: [PATCH] Use latest version of protobuf-java to avoid security vulnerability --- firebase/build.gradle | 6 ++++++ .../tum/cit/artemis/push/firebase/FirebaseSendService.java | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/firebase/build.gradle b/firebase/build.gradle index 553bd2c..8347c47 100644 --- a/firebase/build.gradle +++ b/firebase/build.gradle @@ -21,6 +21,12 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-web' implementation "com.google.firebase:firebase-admin:9.3.0" + + // use the latest version to avoid security vulnerabilities + // TODO: I don't think we need this dependency, we could also try to exclude it + implementation "com.google.protobuf:protobuf-java:4.28.2" + implementation "com.google.protobuf:protobuf-java-util:4.28.2" + implementation(project(":common")) } diff --git a/firebase/src/main/java/de/tum/cit/artemis/push/firebase/FirebaseSendService.java b/firebase/src/main/java/de/tum/cit/artemis/push/firebase/FirebaseSendService.java index 2a65ced..5a434ce 100644 --- a/firebase/src/main/java/de/tum/cit/artemis/push/firebase/FirebaseSendService.java +++ b/firebase/src/main/java/de/tum/cit/artemis/push/firebase/FirebaseSendService.java @@ -60,7 +60,7 @@ public ResponseEntity send(List requests) { .toList(); try { - FirebaseMessaging.getInstance(firebaseApp.get()).sendAll(batch); + FirebaseMessaging.getInstance(firebaseApp.get()).sendEach(batch); } catch (FirebaseMessagingException e) { return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).build(); }