Fixed vulnerabilities with version bumps.

Daniel Scholl (MS] requested to merge vulnerabilities into master

Fix: Address vulnerabilities in lettuce-core and netty-common

This PR resolves two medium-severity vulnerabilities in the dependencies used by the project.

Details of Vulnerabilities Fixed:

  1. io.lettuce:lettuce-core

    • Vulnerability: GHSA-q4h9-7rxj-7gx2
    • Severity: Medium
    • Issue: Netty vulnerability included in Redis lettuce
    • Resolution: Upgraded from 6.3.2.RELEASE to 6.5.1.RELEASE.
  2. io.netty:netty-common

    • Vulnerability: CVE-2024-47535
    • Severity: Medium
    • Issue: Denial of Service attack on Windows apps using Netty
    • Resolution: Upgraded from 4.1.109.Final to 4.1.115.

Impact:

  • Both vulnerabilities are now resolved with the updated dependency versions.
  • Ensures improved security and mitigates risks associated with these issues.

Edited by Daniel Scholl (MS]
