Merge pull request #25 from Nuvindu/security-fix

Fix `CVE-2024-47561` security vulnerability in the Avro library
ballerina-platform · Oct 9, 2024 · a0fcf1d · a0fcf1d
2 parents 2b565f4 + 8bbb6cd
commit a0fcf1d
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 19 deletions.
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
@@ -1,7 +1,7 @@
 [package]
 org = "ballerina"
 name = "avro"
-version = "1.0.0"
+version = "1.0.1"
 authors = ["Ballerina"]
 export=["avro"]
 keywords = ["avro", "serialization", "deserialization", "serdes"]
@@ -18,29 +18,29 @@ graalvmCompatible = true
 [[platform.java17.dependency]]
 groupId = "io.ballerina.lib"
 artifactId = "avro-native"
-version = "1.0.0"
-path = "../native/build/libs/avro-native-1.0.0.jar"
+version = "1.0.1"
+path = "../native/build/libs/avro-native-1.0.1-SNAPSHOT.jar"
 
 [[platform.java17.dependency]]
 groupId = "org.apache.avro"
 artifactId = "avro"
-version = "1.11.3"
-path = "./lib/avro-1.11.3.jar"
+version = "1.11.4"
+path = "./lib/avro-1.11.4.jar"
 
 [[platform.java17.dependency]]
 groupId = "com.fasterxml.jackson.core"
 artifactId = "jackson-core"
-version = "2.17.0"
-path = "./lib/jackson-core-2.17.0.jar"
+version = "2.18.0"
+path = "./lib/jackson-core-2.18.0.jar"
 
-[[platform.java11.dependency]]
+[[platform.java17.dependency]]
 groupId = "com.fasterxml.jackson.core"
 artifactId = "jackson-annotations"
-version = "2.17.0"
-path = "./lib/jackson-annotations-2.17.0.jar"
+version = "2.18.0"
+path = "./lib/jackson-annotations-2.18.0.jar"
 
-[[platform.java11.dependency]]
+[[platform.java17.dependency]]
 groupId = "com.fasterxml.jackson.core"
 artifactId = "jackson-databind"
-version = "2.17.0"
-path = "./lib/jackson-databind-2.17.0.jar"
+version = "2.18.0"
+path = "./lib/jackson-databind-2.18.0.jar"
diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml
@@ -10,7 +10,7 @@ distribution-version = "2201.9.0"
 [[package]]
 org = "ballerina"
 name = "avro"
-version = "1.0.0"
+version = "1.0.1"
 dependencies = [
  {org = "ballerina", name = "io"},
  {org = "ballerina", name = "jballerina.java"},
@@ -23,7 +23,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "io"
-version = "1.6.0"
+version = "1.6.1"
 scope = "testOnly"
 dependencies = [
  {org = "ballerina", name = "jballerina.java"},

diff --git a/build-config/resources/Ballerina.toml b/build-config/resources/Ballerina.toml
@@ -33,13 +33,13 @@ artifactId = "jackson-core"
 version = "@jackson.version@"
 path = "./lib/[email protected]@.jar"
 
-[[platform.java11.dependency]]
+[[platform.java17.dependency]]
 groupId = "com.fasterxml.jackson.core"
 artifactId = "jackson-annotations"
 version = "@jackson.version@"
 path = "./lib/[email protected]@.jar"
 
-[[platform.java11.dependency]]
+[[platform.java17.dependency]]
 groupId = "com.fasterxml.jackson.core"
 artifactId = "jackson-databind"
 version = "@jackson.version@"

diff --git a/gradle.properties b/gradle.properties
@@ -14,5 +14,5 @@ ballerinaGradlePluginVersion=2.0.1
 
 # Dependencies
 stdlibIoVersion=1.6.0
-avroVersion=1.11.3
-jacksonVersion=2.17.0
+avroVersion=1.11.4
+jacksonVersion=2.18.0