Skip to content

2.0.8 Fixed vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 23 Sep 13:50
2.0.8
bba819b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

This release fixes vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided which could lead to unbounded recursion.

Security

Dependency Updates

Compile Dependency Updates

  • Removed io.netty:netty-all:4.1.111.Final
  • Removed joda-time:joda-time:2.12.7
  • Removed org.apache.avro:avro:1.11.3
  • Removed org.apache.commons:commons-compress:1.26.2
  • Removed org.apache.ivy:ivy:2.5.2
  • Removed org.apache.zookeeper:zookeeper:3.9.2
  • Removed org.codehaus.janino:janino:3.1.12
  • Removed org.xerial.snappy:snappy-java:1.1.10.5
Assets 4
Loading