This is an automated email from the ASF dual-hosted git repository.

kfaraz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/master by this push:
     new 78ae0b7533 Upgrade to netty 4.1.86.Final to address CVEs (#13604)
78ae0b7533 is described below

commit 78ae0b75338016dd02245eeb83715c521daad41d
Author: Kashif Faraz <[email protected]>
AuthorDate: Fri Dec 23 01:44:01 2022 +0530

    Upgrade to netty 4.1.86.Final to address CVEs (#13604)
    
    This commit addresses the following CVEs:
    - CVE-2021-43797
    - CVE-2022-41881
---
 extensions-contrib/kubernetes-overlord-extensions/pom.xml | 2 +-
 licenses.yaml                                             | 3 ++-
 owasp-dependency-check-suppressions.xml                   | 2 ++
 pom.xml                                                   | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/extensions-contrib/kubernetes-overlord-extensions/pom.xml 
b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
index 9503eeeb6c..6083a0d53f 100644
--- a/extensions-contrib/kubernetes-overlord-extensions/pom.xml
+++ b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
@@ -88,7 +88,7 @@
     <dependency>
       <groupId>io.netty</groupId>
       <artifactId>netty-common</artifactId>
-      <version>4.1.68.Final</version>
+      <version>${netty4.version}</version>
       <scope>provided</scope>
     </dependency>
     <dependency>
diff --git a/licenses.yaml b/licenses.yaml
index 43f5f55608..77e85f1f4a 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1269,7 +1269,7 @@ name: Netty
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 4.1.68.Final
+version: 4.1.86.Final
 libraries:
   - io.netty: netty-buffer
   - io.netty: netty-codec
@@ -1282,6 +1282,7 @@ libraries:
   - io.netty: netty-resolver
   - io.netty: netty-resolver-dns
   - io.netty: netty-transport
+  - io.netty: netty-transport-classes-epoll
   - io.netty: netty-transport-native-epoll
   - io.netty: netty-transport-native-unix-common
 notice: |
diff --git a/owasp-dependency-check-suppressions.xml 
b/owasp-dependency-check-suppressions.xml
index 43dc160ab6..17b4154d56 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -193,6 +193,7 @@
     <cve>CVE-2019-20445</cve>
     <cve>CVE-2021-37136</cve>
     <cve>CVE-2021-37137</cve>
+    <cve>CVE-2022-41881</cve>
   </suppress>
   <suppress>
     <!-- TODO: Fix by upgrading hadoop-auth version -->
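Review bot: The added `<cve>CVE-2022-41881</cve>` entries, here and in the later hunk at `@@ -374,6 +375,7 @@`, suppress a CVE that the commit message lists as addressed by the netty 4.1.86.Final upgrade, and neither hunk records why it still needs suppressing. Both `<suppress>` elements open outside the hunks, so the artifacts they match are not visible; the sibling entries suggest the first block covers another netty artifact and the second a log4j-related one, but that should be confirmed. If these are false-positive matches or artifacts the upgrade does not reach, state that in each block, e.g. `<!-- CVE-2022-41881: <reason; artifact not covered by the netty4.version upgrade> -->`. Also check that each block's matcher is narrow enough that it cannot hide this finding for the io.netty 4.x artifacts if `netty4.version` is later pinned to a lower version.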
@@ -374,6 +375,7 @@
     <cve>CVE-2022-23307</cve>
     <cve>CVE-2022-23305</cve>
     <cve>CVE-2022-23302</cve>
+    <cve>CVE-2022-41881</cve>
   </suppress>
   <suppress>
        <!--
diff --git a/pom.xml b/pom.xml
index e98177c23e..d7a799e736 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,7 +104,7 @@
         <mysql.version>5.1.49</mysql.version>
         <mariadb.version>2.7.3</mariadb.version>
         <netty3.version>3.10.6.Final</netty3.version>
-        <netty4.version>4.1.68.Final</netty4.version>
+        <netty4.version>4.1.86.Final</netty4.version>
         <postgresql.version>42.4.1</postgresql.version>
         <protobuf.version>3.21.7</protobuf.version>
         <resilience4j.version>1.3.1</resilience4j.version>

