From b92dab05c37aadb21f215b381981f72635538248 Mon Sep 17 00:00:00 2001
From: ballerina-bot <ballerina-bot@ballerina.org>
Date: Fri, 9 Jan 2026 05:58:36 +0000
Subject: [PATCH 1/5] Move dependencies to stable versions

---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index b3c2269b8..4d88bf840 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -42,7 +42,7 @@ stdlibJwtVersion=2.15.1
 stdlibOAuth2Version=2.14.1
 
 # Level 05
-stdlibHttpVersion=2.14.9-20251222-133200-2af6855
+stdlibHttpVersion=2.14.9
 
 # Ballerinax Observer
 observeVersion=1.5.0

From ac68847b709dfa61f78d8c890aa88df9ba4da670 Mon Sep 17 00:00:00 2001
From: ballerina-bot <ballerina-bot@ballerina.org>
Date: Fri, 9 Jan 2026 05:58:36 +0000
Subject: [PATCH 2/5] [Automated] Update the native jar versions

---
 ballerina/Dependencies.toml | 28 ++++++----------------------
 1 file changed, 6 insertions(+), 22 deletions(-)

diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml
index b7a18c182..0893209a8 100644
--- a/ballerina/Dependencies.toml
+++ b/ballerina/Dependencies.toml
@@ -47,7 +47,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "crypto"
-version = "2.9.3"
+version = "2.9.2"
 dependencies = [
 	{org = "ballerina", name = "jballerina.java"},
 	{org = "ballerina", name = "time"}
@@ -242,16 +242,13 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "log"
-version = "2.14.0"
+version = "2.12.0"
 dependencies = [
 	{org = "ballerina", name = "io"},
 	{org = "ballerina", name = "jballerina.java"},
 	{org = "ballerina", name = "lang.value"},
 	{org = "ballerina", name = "observe"}
 ]
-modules = [
-	{org = "ballerina", packageName = "log", moduleName = "log"}
-]
 
 [[package]]
 org = "ballerina"
@@ -283,7 +280,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "observe"
-version = "1.6.0"
+version = "1.5.0"
 dependencies = [
 	{org = "ballerina", name = "jballerina.java"}
 ]
@@ -300,11 +297,10 @@ dependencies = [
 [[package]]
 org = "ballerina"
 name = "task"
-version = "2.11.0"
+version = "2.7.0"
 dependencies = [
 	{org = "ballerina", name = "jballerina.java"},
-	{org = "ballerina", name = "time"},
-	{org = "ballerina", name = "uuid"}
+	{org = "ballerina", name = "time"}
 ]
 
 [[package]]
@@ -335,22 +331,11 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "url"
-version = "2.6.1"
+version = "2.6.0"
 dependencies = [
 	{org = "ballerina", name = "jballerina.java"}
 ]
 
-[[package]]
-org = "ballerina"
-name = "uuid"
-version = "1.10.0"
-dependencies = [
-	{org = "ballerina", name = "crypto"},
-	{org = "ballerina", name = "jballerina.java"},
-	{org = "ballerina", name = "lang.int"},
-	{org = "ballerina", name = "time"}
-]
-
 [[package]]
 org = "ballerina"
 name = "websocket"
@@ -366,7 +351,6 @@ dependencies = [
 	{org = "ballerina", name = "lang.runtime"},
 	{org = "ballerina", name = "lang.string"},
 	{org = "ballerina", name = "lang.value"},
-	{org = "ballerina", name = "log"},
 	{org = "ballerina", name = "oauth2"},
 	{org = "ballerina", name = "test"},
 	{org = "ballerina", name = "time"}

From a5ca183beb8580d2123d636856d622a66b4e83a3 Mon Sep 17 00:00:00 2001
From: ballerina-bot <ballerina-bot@ballerina.org>
Date: Fri, 9 Jan 2026 06:03:10 +0000
Subject: [PATCH 3/5] [Gradle Release Plugin] - pre tag commit:  'v2.14.3'.

---
 ballerina/Ballerina.toml      | 6 +++---
 ballerina/CompilerPlugin.toml | 2 +-
 ballerina/Dependencies.toml   | 4 ++++
 gradle.properties             | 2 +-
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
index 90e3baefb..a3eeac59f 100644
--- a/ballerina/Ballerina.toml
+++ b/ballerina/Ballerina.toml
@@ -16,13 +16,13 @@ graalvmCompatible = true
 groupId = "io.ballerina.stdlib"
 artifactId = "websocket-native"
 version = "2.14.3"
-path = "../native/build/libs/websocket-native-2.14.3-SNAPSHOT.jar"
+path = "../native/build/libs/websocket-native-2.14.3.jar"
 
 [[platform.java21.dependency]]
 groupId = "io.ballerina.stdlib"
 artifactId = "http-native"
 version = "2.14.9"
-path = "./lib/http-native-2.14.9-20251222-133200-2af6855.jar"
+path = "./lib/http-native-2.14.9.jar"
 
 [[platform.java21.dependency]]
 groupId = "io.ballerina.stdlib"
@@ -85,5 +85,5 @@ version = "4.1.130.Final"
 path = "./lib/netty-handler-proxy-4.1.130.Final.jar"
 
 [[platform.java21.dependency]]
-path = "../test-utils/build/libs/websocket-test-utils-2.14.3-SNAPSHOT.jar"
+path = "../test-utils/build/libs/websocket-test-utils-2.14.3.jar"
 scope = "testOnly"
diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml
index 94b32e8f8..051916c74 100644
--- a/ballerina/CompilerPlugin.toml
+++ b/ballerina/CompilerPlugin.toml
@@ -3,4 +3,4 @@ id = "websocket-compiler-plugin"
 class = "io.ballerina.stdlib.websocket.plugin.WebSocketCompilerPlugin"
 
 [[dependency]]
-path = "../compiler-plugin/build/libs/websocket-compiler-plugin-2.14.3-SNAPSHOT.jar"
+path = "../compiler-plugin/build/libs/websocket-compiler-plugin-2.14.3.jar"
diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml
index 0893209a8..14de7b970 100644
--- a/ballerina/Dependencies.toml
+++ b/ballerina/Dependencies.toml
@@ -249,6 +249,9 @@ dependencies = [
 	{org = "ballerina", name = "lang.value"},
 	{org = "ballerina", name = "observe"}
 ]
+modules = [
+	{org = "ballerina", packageName = "log", moduleName = "log"}
+]
 
 [[package]]
 org = "ballerina"
@@ -351,6 +354,7 @@ dependencies = [
 	{org = "ballerina", name = "lang.runtime"},
 	{org = "ballerina", name = "lang.string"},
 	{org = "ballerina", name = "lang.value"},
+	{org = "ballerina", name = "log"},
 	{org = "ballerina", name = "oauth2"},
 	{org = "ballerina", name = "test"},
 	{org = "ballerina", name = "time"}
diff --git a/gradle.properties b/gradle.properties
index 4d88bf840..20e48ed5e 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 org.gradle.caching=true
 group=io.ballerina.stdlib
-version=2.14.3-SNAPSHOT
+version=2.14.3
 ballerinaLangVersion=2201.12.0
 ballerinaTomlParserVersion=1.2.2
 nettyVersion=4.1.130.Final

From f91b3ca85ebb5d986fa37e899ee98eefb28ec6cc Mon Sep 17 00:00:00 2001
From: ballerina-bot <ballerina-bot@ballerina.org>
Date: Fri, 9 Jan 2026 06:03:12 +0000
Subject: [PATCH 4/5] [Gradle Release Plugin] - new version commit: 
 'v2.14.4-SNAPSHOT'.

---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index 20e48ed5e..2b17a9233 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 org.gradle.caching=true
 group=io.ballerina.stdlib
-version=2.14.3
+version=2.14.4-SNAPSHOT
 ballerinaLangVersion=2201.12.0
 ballerinaTomlParserVersion=1.2.2
 nettyVersion=4.1.130.Final

From 736dab4b3bf82ec7d750255242fba638deaa47ac Mon Sep 17 00:00:00 2001
From: Krishnananthalingam Tharmigan
 <63336800+TharmiganK@users.noreply.github.com>
Date: Fri, 9 Jan 2026 11:45:27 +0530
Subject: [PATCH 5/5] Update changelog for release 2.14.3

Added release notes for version 2.14.3 addressing security vulnerabilities.
---
 changelog.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/changelog.md b/changelog.md
index ad646b8ba..af4433cac 100644
--- a/changelog.md
+++ b/changelog.md
@@ -3,7 +3,11 @@ This file contains all the notable changes done to the Ballerina WebSocket packa
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [2.14.3] - 2026-01-09
+
+### Fixed
+
+- [Address `CVE-2025-67735`, `CVE-2025-12183` and `CVE-2025-66566` security vulnerabilities](https://github.com/ballerina-platform/ballerina-library/issues/8538)
 
 ## [2.14.2] - 2025-09-09