This is an automated email from the ASF dual-hosted git repository.
karan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new e56d55b4ce5 [CVE-Fix]: Update netty4 version (#17755)
e56d55b4ce5 is described below
commit e56d55b4ce576a52d19d0829dde2dbb148acf69b
Author: Parth Agrawal <[email protected]>
AuthorDate: Tue Feb 25 08:45:02 2025 +0530
[CVE-Fix]: Update netty4 version (#17755)
This PR updates the netty4 version used to resolve CVE-2025-25193:
https://nvd.nist.gov/vuln/detail/CVE-2025-25193
---
licenses.yaml | 4 ++--
pom.xml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 9e1c3f9e4b3..b72b819d79e 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1286,7 +1286,7 @@ name: Netty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 4.1.116.Final
+version: 4.1.118.Final
libraries:
- io.netty: netty-buffer
- io.netty: netty-codec
@@ -4452,7 +4452,7 @@ name: Netty
license_category: binary
module: extensions/druid-azure-extensions
license_name: Apache License version 2.0
-version: 2.0.69.Final
+version: 2.0.70.Final
libraries:
- io.netty: netty-tcnative-boringssl-static
- io.netty: netty-tcnative-classes
diff --git a/pom.xml b/pom.xml
index b0b1e576737..fc7d78ccecb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -106,7 +106,7 @@
<mysql.version>8.2.0</mysql.version>
<mariadb.version>2.7.3</mariadb.version>
<netty3.version>3.10.6.Final</netty3.version>
- <netty4.version>4.1.116.Final</netty4.version>
+ <netty4.version>4.1.118.Final</netty4.version>
<postgresql.version>42.7.2</postgresql.version>
<protobuf.version>3.25.5</protobuf.version>
<resilience4j.version>1.3.1</resilience4j.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
