This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new b009144cd [java] update Netty from 4.1.110.Final to 4.1.115.Final
b009144cd is described below
commit b009144cdb0081788d82517aa1d421c5886fb201
Author: Alexey Serbin <ale...@apache.org>
AuthorDate: Wed Nov 27 11:19:50 2024 -0800
[java] update Netty from 4.1.110.Final to 4.1.115.Final
This is to address at least CVE-2024-29025 and CVE-2024-47535
and make security scanners happier. More information on the
vulnerabilities are available at [1], [2]. Please note that
[2] isn't relevant to Kudu Java client since the client doesn't
use HTTP-related functionality in Netty.
This is to address KUDU-3629, at least partially.
[1] https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
[2] https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
Change-Id: Iabd8fb7d43b9ee03fb681ab3d92f271ef2e490b1
Reviewed-on: http://gerrit.cloudera.org:8080/22136
Reviewed-by: Zoltan Chovan <zcho...@cloudera.com>
Tested-by: Alexey Serbin <ale...@apache.org>
Reviewed-by: Abhishek Chennaka <achenn...@cloudera.com>
---
java/gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index 812ac2541..eb2254816 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -50,7 +50,7 @@ versions += [
micrometer : "1.8.2",
mockito : "4.2.0",
murmur : "1.0.0",
- netty : "4.1.110.Final",
+ netty : "4.1.115.Final",
osdetector : "1.6.2",
protobuf : "3.21.12",
ranger : "2.1.0",
