From b4a2c8778e19b1bf59f0a888aedb4843d4a693a7 Mon Sep 17 00:00:00 2001
From: NikhilPatil <nikhil.patil5@ibm.com>
Date: Thu, 13 Feb 2025 09:48:38 +0530
Subject: [PATCH] CVE-2025-24970 high vul fix

---
 provider/notification-ibm/pom.xml | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/provider/notification-ibm/pom.xml b/provider/notification-ibm/pom.xml
index 1b3439981..0bc62b716 100644
--- a/provider/notification-ibm/pom.xml
+++ b/provider/notification-ibm/pom.xml
@@ -55,6 +55,14 @@
         <groupId>io.undertow</groupId>
         <artifactId>undertow-websockets-jsr</artifactId>
       </dependency>
+      <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-bom</artifactId>
+            <version>4.1.118.Final</version>
+            <type>pom</type>
+            <scope>import</scope>
+      </dependency>
+
     </dependencies>
   </dependencyManagement>
 
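Review bot: The `netty-bom` import added at the end of `<dependencyManagement>` only takes effect for artifacts that no earlier entry in that section already manages, because Maven keeps the first managed version it encounters among imported BOMs. The section starts outside this hunk, so it is not visible whether another BOM that manages `io.netty` precedes it; if one does, this import should be moved above it. Please confirm with `mvn dependency:tree -Dincludes=io.netty` that every netty module resolves to 4.1.118.Final. A short comment would also help, e.g. `<!-- pins netty to the CVE-2025-24970 fix; drop once the inherited BOM provides 4.1.118.Final or later -->`. The new block is indented differently from its sibling `<dependency>` entries.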
@@ -68,6 +76,14 @@
                     <groupId>commons-logging</groupId>
                     <artifactId>commons-logging</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-handler</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
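Review bot: Excluding `io.netty:netty-handler` here removes the artifact from this dependency's transitive graph rather than upgrading it, and since the last hunk also drops the direct `netty-codec` entry, nothing visible in this patch declares a netty module any more. If the dependency carrying these exclusions (its coordinates are above the hunk) needs netty's TLS handler at runtime and no other path supplies it, the failure appears as a `NoClassDefFoundError` at runtime, not at build time. Since the version is already managed by the BOM import, consider dropping the exclusion, or declare `netty-handler` explicitly without a `<version>` so the managed 4.1.118.Final is used. The `commons-io` exclusion is not explained by the commit subject and would benefit from a one-line comment stating why it is excluded.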
@@ -84,7 +100,6 @@
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>notification-core</artifactId>
             <version>0.28.0-SNAPSHOT</version>
-
         </dependency>
         <dependency>
     		<groupId>org.springframework.security</groupId>
@@ -94,12 +109,11 @@
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-config</artifactId>
 		</dependency>
-
-		<dependency>
-			<groupId>io.netty</groupId>
-            <artifactId>netty-codec</artifactId>
-            <version>4.1.68.Final</version>
-		</dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.14.0</version>
+        </dependency>
         <!-- unit test dependencies -->
         <dependency>
             <groupId>org.powermock</groupId>
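Review bot: The added `commons-io` dependency hard-codes `2.14.0` without a comment, and the commit subject mentions only CVE-2025-24970, so the reason for this pin is not recorded anywhere. Add a comment above it such as `<!-- pinned to replace the transitive commons-io excluded earlier in this pom; reason: ADVISORY-OR-TICKET-ID -->`. Consider moving the version into `<dependencyManagement>` so that copies arriving through other dependencies are held to the same version. Dropping the old `netty-codec` 4.1.68.Final pin is reasonable with the BOM in place, provided `mvn dependency:tree` shows that no module falls back to an older netty.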
-- 
GitLab