summaryrefslogtreecommitdiffstats
path: root/WORKSPACE
diff options
context:
space:
mode:
authorThomas Wolf <twolf@apache.org>2024-01-12 21:23:47 +0100
committerMatthias Sohn <matthias.sohn@sap.com>2024-01-20 01:16:19 +0100
commit18d0924a432f4654c7b4b2560d0acfedf6cea97c (patch)
tree2a93bbc3660dc36e3c1f16404164edd0e1bfce05 /WORKSPACE
parentc4af3691225b5e43ec8059edeeddc6d913e948f6 (diff)
downloadjgit-18d0924a432f4654c7b4b2560d0acfedf6cea97c.tar.gz
jgit-18d0924a432f4654c7b4b2560d0acfedf6cea97c.zip
[ssh] Bump Apache MINA sshd 2.11.0 -> 2.12.0
This includes the upstream fix for CVE-2023-48795[1] ("strict KEX" protocol extension mitigating the "Terrapin attack"[2]) in JGit. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-48795 [2] https://www.terrapin-attack.com/ Bug: jgit-16 Change-Id: Ie9aa5b903ea6795bd1511afea0bebdb537b56148 Signed-off-by: Thomas Wolf <twolf@apache.org>
Diffstat (limited to 'WORKSPACE')
-rw-r--r--WORKSPACE6
1 files changed, 3 insertions, 3 deletions
diff --git a/WORKSPACE b/WORKSPACE
index e90833c8af..e1272fd1d9 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -90,18 +90,18 @@ maven_jar(
sha1 = "51cf043c87253c9f58b539c9f7e44c8894223850",
)
-SSHD_VERS = "2.11.0"
+SSHD_VERS = "2.12.0"
maven_jar(
name = "sshd-osgi",
artifact = "org.apache.sshd:sshd-osgi:" + SSHD_VERS,
- sha1 = "7ec6b14ab789fc4b1ce9fdcd0e13d22b5c940e7b",
+ sha1 = "32b8de1cbb722ba75bdf9898e0c41d42af00ce57",
)
maven_jar(
name = "sshd-sftp",
artifact = "org.apache.sshd:sshd-sftp:" + SSHD_VERS,
- sha1 = "3a293bba303c486a9ff6be8e11c9c68fd56b63c7",
+ sha1 = "0f96f00a07b186ea62838a6a4122e8f4cad44df6",
)
JNA_VERS = "5.14.0"