This is an automated email from the ASF dual-hosted git repository.
kfaraz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 78ae0b7533 Upgrade to netty 4.1.86.Final to address CVEs (#13604)
78ae0b7533 is described below
commit 78ae0b75338016dd02245eeb83715c521daad41d
Author: Kashif Faraz <[email protected]>
AuthorDate: Fri Dec 23 01:44:01 2022 +0530
Upgrade to netty 4.1.86.Final to address CVEs (#13604)
This commit addresses the following CVEs:
- CVE-2021-43797
- CVE-2022-41881
---
extensions-contrib/kubernetes-overlord-extensions/pom.xml | 2 +-
licenses.yaml | 3 ++-
owasp-dependency-check-suppressions.xml | 2 ++
pom.xml | 2 +-
4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/extensions-contrib/kubernetes-overlord-extensions/pom.xml
b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
index 9503eeeb6c..6083a0d53f 100644
--- a/extensions-contrib/kubernetes-overlord-extensions/pom.xml
+++ b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
@@ -88,7 +88,7 @@
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-common</artifactId>
- <version>4.1.68.Final</version>
+ <version>${netty4.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/licenses.yaml b/licenses.yaml
index 43f5f55608..77e85f1f4a 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1269,7 +1269,7 @@ name: Netty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 4.1.68.Final
+version: 4.1.86.Final
libraries:
- io.netty: netty-buffer
- io.netty: netty-codec
@@ -1282,6 +1282,7 @@ libraries:
- io.netty: netty-resolver
- io.netty: netty-resolver-dns
- io.netty: netty-transport
+ - io.netty: netty-transport-classes-epoll
- io.netty: netty-transport-native-epoll
- io.netty: netty-transport-native-unix-common
notice: |
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index 43dc160ab6..17b4154d56 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -193,6 +193,7 @@
<cve>CVE-2019-20445</cve>
<cve>CVE-2021-37136</cve>
<cve>CVE-2021-37137</cve>
+ <cve>CVE-2022-41881</cve>
</suppress>
<suppress>
<!-- TODO: Fix by upgrading hadoop-auth version -->
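Review bot: CVE-2022-41881 is added to the suppression list here and again in the hunk at `@@ -374,6 +375,7 @@`, yet the commit message lists it as addressed by the netty 4.1.86.Final upgrade, and neither added line says why a suppression is still needed. Both `<suppress>` elements open outside their hunks, so the artifacts they match are not visible; the second sits next to CVE-2022-23302/23305/23307, which suggests it is scoped to a different dependency than netty 4. If the finding is a residual match on an artifact the upgrade does not touch, record that next to the entry in the same style as the file's existing TODO comments, e.g. `<!-- CVE-2022-41881: still reported against ARTIFACT_PLACEHOLDER, not covered by the netty4 upgrade; remove once REASON_PLACEHOLDER -->`. Without that note, a later reader cannot tell a justified false-positive suppression from one that would mask a vulnerable netty version re-entering transitively.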
@@ -374,6 +375,7 @@
<cve>CVE-2022-23307</cve>
<cve>CVE-2022-23305</cve>
<cve>CVE-2022-23302</cve>
+ <cve>CVE-2022-41881</cve>
</suppress>
<suppress>
<!--
diff --git a/pom.xml b/pom.xml
index e98177c23e..d7a799e736 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,7 +104,7 @@
<mysql.version>5.1.49</mysql.version>
<mariadb.version>2.7.3</mariadb.version>
<netty3.version>3.10.6.Final</netty3.version>
- <netty4.version>4.1.68.Final</netty4.version>
+ <netty4.version>4.1.86.Final</netty4.version>
<postgresql.version>42.4.1</postgresql.version>
<protobuf.version>3.21.7</protobuf.version>
<resilience4j.version>1.3.1</resilience4j.version>