Skip to content

[MS 38485] update netty-bom vulnerability

VidyaDharani Lokam requested to merge az/vl-fix-netty-vulnerability into master
  • update netty-bom dependency from 4.1.70.Final to 4.1.109.Final to remediate vulnerability.

    mvn dependency:tree before changes:

    [INFO] |  +- io.netty:netty-common:jar:4.1.70.Final:compile
    [INFO] |  +- io.netty:netty-transport:jar:4.1.70.Final:compile
    [INFO] |  |  +- io.netty:netty-buffer:jar:4.1.70.Final:compile
    [INFO] |  |  \- io.netty:netty-resolver:jar:4.1.70.Final:compile
    [INFO] |  \- io.netty:netty-handler:jar:4.1.70.Final:compile
    [INFO] |     \- io.netty:netty-codec:jar:4.1.70.Final:compile

    mvn dependency:tree after changes:

    [INFO] |  +- io.netty:netty-common:jar:4.1.109.Final:compile
    [INFO] |  +- io.netty:netty-transport:jar:4.1.109.Final:compile
    [INFO] |  |  +- io.netty:netty-buffer:jar:4.1.109.Final:compile
    [INFO] |  |  \- io.netty:netty-resolver:jar:4.1.109.Final:compile
    [INFO] |  \- io.netty:netty-handler:jar:4.1.109.Final:compile
    [INFO] |     +- io.netty:netty-transport-native-unix-common:jar:4.1.109.Final:compile
    [INFO] |     \- io.netty:netty-codec:jar:4.1.109.Final:compile

    The changes were tested with Ingestion workflow (pipeline) and EDS-DMS (pipeline) services and the pipelines are green.

Edited by VidyaDharani Lokam

Merge request reports

Loading