gian pushed a commit to branch 0.22.1
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.22.1 by this push:
new a06bf34 Bump netty4 to 4.1.68; suppress CVE-2021-37136 and
CVE-2021-37137 for netty3 (#11844)
a06bf34 is described below
commit a06bf34a2903b512486d22ed78a4a5f9f05ab9b8
Author: Jihoon Son <[email protected]>
AuthorDate: Tue Oct 26 00:09:15 2021 -0400
Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for
netty3 (#11844)
* bump netty4 to 4.1.68
* suppress CVE-2021-37136 and CVE-2021-37137 for netty3
* license
---
licenses.yaml | 2 +-
owasp-dependency-check-suppressions.xml | 24 ++++++++++++++----------
pom.xml | 2 +-
3 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 9f43f53..7e7042b 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1228,7 +1228,7 @@ name: Netty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 4.1.63.Final
+version: 4.1.68.Final
libraries:
- io.netty: netty-buffer
- io.netty: netty-codec
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index aa83c41..511b893 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -162,6 +162,8 @@
<cve>CVE-2019-16869</cve>
<cve>CVE-2019-20444</cve>
<cve>CVE-2019-20445</cve>
+ <cve>CVE-2021-37136</cve>
+ <cve>CVE-2021-37137</cve>
</suppress>
<suppress>
<!-- TODO: Fix by upgrading hadoop-auth version -->
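Review bot: The two added `<cve>` entries suppress CVE-2021-37136 and CVE-2021-37137 for netty3 with no recorded justification and no expiry, and the same applies to the ambari-metrics-common block in the next hunk. From the file alone a reader cannot tell whether the netty3 artifacts were judged unaffected or whether the risk is simply being accepted until netty3 is removed. I would add a comment next to the new lines, for example `<!-- CVE-2021-37136/37137: suppressed for netty3 because REASON (placeholder); revisit when netty3 is dropped -->`, and set an `until` date on the `<suppress>` element so the scanner raises the finding again for review. The enclosing `<suppress>` block starts above this hunk, so its match rule and any existing notes are not visible here.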
@@ -286,16 +288,18 @@
<cve>CVE-2019-17571</cve>
</suppress>
<suppress>
- <!--
- - TODO: The lastest version of ambari-metrics-common is 2.7.0.0.0,
released in July 2018.
- -->
- <notes><![CDATA[
- file name: ambari-metrics-common-2.7.0.0.0.jar (shaded:
io.netty:netty:3.10.5.Final)
- ]]></notes>
- <packageUrl
regex="true">^pkg:maven/io\.netty/[email protected]$</packageUrl>
- <cve>CVE-2019-16869</cve>
- <cve>CVE-2019-20444</cve>
- <cve>CVE-2019-20445</cve>
+ <!--
+ - TODO: The lastest version of ambari-metrics-common is 2.7.0.0.0,
released in July 2018.
+ -->
+ <notes><![CDATA[
+ file name: ambari-metrics-common-2.7.0.0.0.jar (shaded:
io.netty:netty:3.10.5.Final)
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/io\.netty/[email protected]$</packageUrl>
+ <cve>CVE-2019-16869</cve>
+ <cve>CVE-2019-20444</cve>
+ <cve>CVE-2019-20445</cve>
+ <cve>CVE-2021-37136</cve>
+ <cve>CVE-2021-37137</cve>
</suppress>
<suppress>
<!--
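Review bot: The ambari-metrics-common `<suppress>` body is re-indented in the same hunk that adds the two new suppressions, which buries a security-relevant change in whitespace churn; only `<cve>CVE-2021-37136</cve>` and `<cve>CVE-2021-37137</cve>` are actually new. I would keep the old indentation here or move the re-indent to a separate commit so that future audits of this file can see when each CVE was suppressed. The carried-over TODO still reads "lastest" and names no action; because the notes say netty 3.10.5.Final is shaded into the jar, the project's own netty3 version property presumably cannot fix it. The comment should state what would retire the suppression, e.g. `TODO: remove once ambari-metrics-common is dropped or no longer shades netty 3.x`.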
diff --git a/pom.xml b/pom.xml
index 6fb48e1..e57c5b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -100,7 +100,7 @@
<mysql.version>5.1.48</mysql.version>
<mariadb.version>2.7.3</mariadb.version>
<netty3.version>3.10.6.Final</netty3.version>
- <netty4.version>4.1.63.Final</netty4.version>
+ <netty4.version>4.1.68.Final</netty4.version>
<postgresql.version>42.2.14</postgresql.version>
<protobuf.version>3.11.0</protobuf.version>
<resilience4j.version>1.3.1</resilience4j.version>