This is an automated email from the ASF dual-hosted git repository.
zhangliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 1a694abcff3 Fixes CVE-2025-55163, CVE-2025-58056, CVE-2025-58057
(#36758)
1a694abcff3 is described below
commit 1a694abcff3aa47752dc8d6ee7abb4469acd883c
Author: Liang Zhang <[email protected]>
AuthorDate: Tue Sep 30 13:38:09 2025 +0800
Fixes CVE-2025-55163, CVE-2025-58056, CVE-2025-58057 (#36758)
* Upgrade grpc version to 1.75.0
* Fixes CVE-2025-58057, CVE-2025-58056, CVE-2025-55163
* Fixes CVE-2025-58057, CVE-2025-58056, CVE-2025-55163
---
RELEASE-NOTES.md | 1 +
pom.xml | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 84f99fe4aba..66ab17992e0 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -2,6 +2,7 @@
### CVE
+1. Fix CVE-2025-55163, CVE-2025-58056, CVE-2025-58057
[#36758](https://github.com/apache/shardingsphere/pull/36758)
1. Fix CVE-2025-48924
[#36085](https://github.com/apache/shardingsphere/pull/36085)
1. Fix CVE-2024-7254
[#36153](https://github.com/apache/shardingsphere/pull/36153)
diff --git a/pom.xml b/pom.xml
index 203d0097a27..681de5c9360 100644
--- a/pom.xml
+++ b/pom.xml
@@ -96,7 +96,7 @@
<jakarta.jakartaee-bom.version>8.0.0</jakarta.jakartaee-bom.version>
- <netty.version>4.1.121.Final</netty.version>
+ <netty.version>4.1.126.Final</netty.version>
<bouncycastle.version>1.78.1</bouncycastle.version>
<curator.version>5.7.0</curator.version>
