Closed klockla closed 2 months ago
Reverted back to GRPC 1.66.0 and updated protoc to 3.25.5
GRPC 1.68.0 is not an official release on https://github.com/grpc/grpc-java Opened discussion here for clarification: https://github.com/grpc/grpc-java/discussions/11549
Override dependency of protobuf-java to 3.25.5 instead of 3.25.3 because the later is impacted by CVE-2024-7254
The vulnerability has been patched in 3.25.5 https://github.com/advisories/GHSA-735f-pc8j-v9w8
Reverted back to GRPC 1.66.0 and updated protoc to 3.25.5
GRPC 1.68.0 is not an official release on https://github.com/grpc/grpc-java Opened discussion here for clarification: https://github.com/grpc/grpc-java/discussions/11549
Override dependency of protobuf-java to 3.25.5 instead of 3.25.3 because the later is impacted by CVE-2024-7254
The vulnerability has been patched in 3.25.5 https://github.com/advisories/GHSA-735f-pc8j-v9w8