This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch branch-1.18.x
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/branch-1.18.x by this push:
new bf61ef9bf [java] update Netty from 4.1.110.Final to 4.1.115.Final
bf61ef9bf is described below
commit bf61ef9bf2b95511088d47e31f9a83bb245c6501
Author: Alexey Serbin <[email protected]>
AuthorDate: Wed Nov 27 11:19:50 2024 -0800
[java] update Netty from 4.1.110.Final to 4.1.115.Final
This is to address at least CVE-2024-29025 and CVE-2024-47535
and make security scanners happier. More information on the
vulnerabilities are available at [1], [2]. Please note that
[2] isn't relevant to Kudu Java client since the client doesn't
use HTTP-related functionality in Netty.
This is to address KUDU-3629, at least partially.
[1] https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
[2] https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
Change-Id: Iabd8fb7d43b9ee03fb681ab3d92f271ef2e490b1
Reviewed-on: http://gerrit.cloudera.org:8080/22136
Reviewed-by: Zoltan Chovan <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
Reviewed-by: Abhishek Chennaka <[email protected]>
(cherry picked from commit b009144cdb0081788d82517aa1d421c5886fb201)
Reviewed-on: http://gerrit.cloudera.org:8080/22149
---
java/gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index 812ac2541..eb2254816 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -50,7 +50,7 @@ versions += [
micrometer : "1.8.2",
mockito : "4.2.0",
murmur : "1.0.0",
- netty : "4.1.110.Final",
+ netty : "4.1.115.Final",
osdetector : "1.6.2",
protobuf : "3.21.12",
ranger : "2.1.0",
