[
https://issues.apache.org/jira/browse/JAMES-2208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17079142#comment-17079142
]
Matthieu Baechler commented on JAMES-2208:
------------------------------------------
I read the report and the 4 vulnerabilities are related to HTTP.
We don't use netty 3 for HTTP so we are safe.
Still, if you want to contribute the upgrade to Netty 4, we can offer some help.
> upgrade netty to netty-all
> --------------------------
>
> Key: JAMES-2208
> URL: https://issues.apache.org/jira/browse/JAMES-2208
> Project: James Server
> Issue Type: Improvement
> Components: James Core
> Affects Versions: 3.0.0
> Reporter: Randymo
> Priority: Major
> Attachments: dependency-check-report.html
>
>
> James is currently using the netty dependency
> <dependency>
> <groupId>io.netty</groupId>
> <artifactId>netty</artifactId>
> <version>3.10.6.Final</version>
> </dependency>
> I think we should upgrade to the newer artifact
> <dependency>
> <groupId>io.netty</groupId>
> <artifactId>netty-all</artifactId>
> <version>4.1.16.Final</version>
> </dependency>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
