Use latest version of protobuf-java to avoid security vulnerability

ls1intum · Oct 5, 2024 · dea4722 · dea4722
1 parent 3b3a6d0
commit dea4722
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/firebase/build.gradle b/firebase/build.gradle
@@ -21,6 +21,12 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-web'
 
     implementation "com.google.firebase:firebase-admin:9.3.0"
+
+    // use the latest version to avoid security vulnerabilities
+    // TODO: I don't think we need this dependency, we could also try to exclude it
+    implementation "com.google.protobuf:protobuf-java:4.28.2"
+    implementation "com.google.protobuf:protobuf-java-util:4.28.2"
+
     implementation(project(":common"))
 }
 

diff --git a/firebase/src/main/java/de/tum/cit/artemis/push/firebase/FirebaseSendService.java b/firebase/src/main/java/de/tum/cit/artemis/push/firebase/FirebaseSendService.java
@@ -60,7 +60,7 @@ public ResponseEntity<Void> send(List<NotificationRequest> requests) {
                     .toList();
 
             try {
-                FirebaseMessaging.getInstance(firebaseApp.get()).sendAll(batch);
+                FirebaseMessaging.getInstance(firebaseApp.get()).sendEach(batch);
             } catch (FirebaseMessagingException e) {
                 return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).build();
             }