diff --git a/pom.xml b/pom.xml
index f4f1b18928b..102d51e0149 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@
5.6.2
1.21
2.7
- 2.6.0
+ 2.10.0
true
true
true
diff --git a/tensorflow-core/pom.xml b/tensorflow-core/pom.xml
index d2a3e9d393d..54b8ab8372f 100644
--- a/tensorflow-core/pom.xml
+++ b/tensorflow-core/pom.xml
@@ -40,8 +40,10 @@
Match version used by TensorFlow, in
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/workspace2.bzl#L567
(but for the currently used release, not master)
+
+ Bumped to newer version to patch a CVE only present in protobuf-java
-->
- 3.9.2
+ 3.19.2
${javacpp.platform}${javacpp.platform.extension}
false
diff --git a/tensorflow-core/tensorflow-core-api/WORKSPACE b/tensorflow-core/tensorflow-core-api/WORKSPACE
index 8be7695be78..0ac4d82a193 100644
--- a/tensorflow-core/tensorflow-core-api/WORKSPACE
+++ b/tensorflow-core/tensorflow-core-api/WORKSPACE
@@ -18,10 +18,10 @@ http_archive(
patch_args = ["-p1"],
patch_cmds = ["grep -rl 'java_package' tensorflow/core | xargs sed -i.bak 's/^\(.* java_package = \"org\.tensorflow\.\)\(.*\"\)/\\1proto.\\2'/"],
urls = [
- "https://github.com/tensorflow/tensorflow/archive/refs/tags/v2.7.0.tar.gz",
+ "https://github.com/tensorflow/tensorflow/archive/refs/tags/v2.7.1.tar.gz",
],
- sha256 = "bb124905c7fdacd81e7c842b287c169bbf377d29c74c9dacc04f96c9793747bb",
- strip_prefix = "tensorflow-2.7.0"
+ sha256 = "abebe2cf5ca379e18071693ca5f45b88ade941b16258a21cc1f12d77d5387a21",
+ strip_prefix = "tensorflow-2.7.1"
)
# START: Upstream TensorFlow dependencies