From 885235c791105eac57ba357aa3c50c0c3101f49f Mon Sep 17 00:00:00 2001 From: rithin-pullela-aws Date: Tue, 31 Dec 2024 13:50:04 -0800 Subject: [PATCH 1/2] Upgraded software.amazon.awssdk from 2.25.40 to 2.29.0 to address CVE-2024-47535 Signed-off-by: rithin-pullela-aws --- ml-algorithms/build.gradle | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ml-algorithms/build.gradle b/ml-algorithms/build.gradle index aa6b2b47af..57cf25fd00 100644 --- a/ml-algorithms/build.gradle +++ b/ml-algorithms/build.gradle @@ -62,19 +62,19 @@ dependencies { } } - implementation platform('software.amazon.awssdk:bom:2.25.40') - api 'software.amazon.awssdk:auth:2.25.40' + implementation platform('software.amazon.awssdk:bom:2.29.0') + api 'software.amazon.awssdk:auth:2.29.0' implementation 'software.amazon.awssdk:apache-client' implementation ('com.amazonaws:aws-encryption-sdk-java:2.4.1') { exclude group: 'org.bouncycastle', module: 'bcprov-ext-jdk18on' } implementation 'org.bouncycastle:bcprov-jdk18on:1.78.1' - implementation group: 'software.amazon.awssdk', name: 'aws-core', version: '2.25.40' - implementation group: 'software.amazon.awssdk', name: 's3', version: '2.25.40' - implementation group: 'software.amazon.awssdk', name: 'regions', version: '2.25.40' + implementation group: 'software.amazon.awssdk', name: 'aws-core', version: '2.29.0' + implementation group: 'software.amazon.awssdk', name: 's3', version: '2.29.0' + implementation group: 'software.amazon.awssdk', name: 'regions', version: '2.29.0' implementation 'com.jayway.jsonpath:json-path:2.9.0' implementation group: 'org.json', name: 'json', version: '20231013' - implementation group: 'software.amazon.awssdk', name: 'netty-nio-client', version: '2.25.40' + implementation group: 'software.amazon.awssdk', name: 'netty-nio-client', version: '2.29.0' testImplementation("com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}") testImplementation("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}") testImplementation group: 'com.networknt' , name: 'json-schema-validator', version: '1.4.0' From c177b462e076bad76666e1a761a84a3d3b877d03 Mon Sep 17 00:00:00 2001 From: rithin-pullela-aws Date: Thu, 2 Jan 2025 16:03:17 -0800 Subject: [PATCH 2/2] Upgrading to 2.29.12 to upgrade netty-common library to 4.1.115 Signed-off-by: rithin-pullela-aws --- ml-algorithms/build.gradle | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ml-algorithms/build.gradle b/ml-algorithms/build.gradle index 57cf25fd00..fab7dfbb71 100644 --- a/ml-algorithms/build.gradle +++ b/ml-algorithms/build.gradle @@ -62,19 +62,19 @@ dependencies { } } - implementation platform('software.amazon.awssdk:bom:2.29.0') - api 'software.amazon.awssdk:auth:2.29.0' + implementation platform('software.amazon.awssdk:bom:2.29.12') + api 'software.amazon.awssdk:auth:2.29.12' implementation 'software.amazon.awssdk:apache-client' implementation ('com.amazonaws:aws-encryption-sdk-java:2.4.1') { exclude group: 'org.bouncycastle', module: 'bcprov-ext-jdk18on' } implementation 'org.bouncycastle:bcprov-jdk18on:1.78.1' - implementation group: 'software.amazon.awssdk', name: 'aws-core', version: '2.29.0' - implementation group: 'software.amazon.awssdk', name: 's3', version: '2.29.0' - implementation group: 'software.amazon.awssdk', name: 'regions', version: '2.29.0' + implementation group: 'software.amazon.awssdk', name: 'aws-core', version: '2.29.12' + implementation group: 'software.amazon.awssdk', name: 's3', version: '2.29.12' + implementation group: 'software.amazon.awssdk', name: 'regions', version: '2.29.12' implementation 'com.jayway.jsonpath:json-path:2.9.0' implementation group: 'org.json', name: 'json', version: '20231013' - implementation group: 'software.amazon.awssdk', name: 'netty-nio-client', version: '2.29.0' + implementation group: 'software.amazon.awssdk', name: 'netty-nio-client', version: '2.29.12' testImplementation("com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}") testImplementation("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}") testImplementation group: 'com.networknt' , name: 'json-schema-validator', version: '1.4.0'