Skip to content

Commit 1ea9278

Browse files
authored
chore: [BlackDuck] Fix CVE-2024-7254 again (#874)
1 parent 40045bf commit 1ea9278

File tree

2 files changed

+13
-7
lines changed

2 files changed

+13
-7
lines changed

cloudplatform/connectivity-ztis/pom.xml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -88,6 +88,19 @@
8888
<groupId>io.grpc</groupId>
8989
<artifactId>grpc-protobuf</artifactId>
9090
<scope>runtime</scope>
91+
<exclusions>
92+
<exclusion>
93+
<groupId>com.google.protobuf</groupId>
94+
<artifactId>protobuf-java</artifactId>
95+
</exclusion>
96+
</exclusions>
97+
</dependency>
98+
<!-- Fix CVE-2024-7254 -->
99+
<dependency>
100+
<groupId>com.google.protobuf</groupId>
101+
<artifactId>protobuf-java</artifactId>
102+
<version>3.25.8</version>
103+
<scope>runtime</scope>
91104
</dependency>
92105
<dependency>
93106
<groupId>io.grpc</groupId>

pom.xml

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -122,7 +122,6 @@
122122
<commons-codec.version>1.19.0</commons-codec.version>
123123
<commons-beanutils.version>1.11.0</commons-beanutils.version>
124124
<findbugs-jsr305.version>3.0.2</findbugs-jsr305.version>
125-
<protobuf-java.version>3.25.8</protobuf-java.version>
126125
<jsr305.optional>true</jsr305.optional>
127126
<maven-compiler-plugin.version>3.14.0</maven-compiler-plugin.version>
128127
<maven.compiler.proc>full</maven.compiler.proc>
@@ -297,12 +296,6 @@
297296
<artifactId>commons-beanutils</artifactId>
298297
<version>${commons-beanutils.version}</version>
299298
</dependency>
300-
<!-- resolve vulnerability CVE-2024-7254 -->
301-
<dependency>
302-
<groupId>com.google.protobuf</groupId>
303-
<artifactId>protobuf-java</artifactId>
304-
<version>${protobuf-java.version}</version>
305-
</dependency>
306299
<!--Dependencies with test scope-->
307300
<dependency>
308301
<groupId>com.sap.cloud.sdk</groupId>

0 commit comments

Comments
 (0)