Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue CVE-2021-43797 on io.netty below 4.1.71.Final #1949

Closed
pablotp opened this issue Dec 31, 2021 · 2 comments
Closed

Security issue CVE-2021-43797 on io.netty below 4.1.71.Final #1949

pablotp opened this issue Dec 31, 2021 · 2 comments
Labels
type: dependency-upgrade A dependency upgrade
Milestone
6.0.9

Comments

@pablotp
Copy link
Contributor

pablotp commented Dec 31, 2021

There is a security vulnerability CVE-2021-43797 on io.netty:netty-codec-http which is fixed on the version 4.1.71.Final.
See: https://snyk.io/vuln/maven%3Aio.netty%3Anetty-codec-http

The current io.netty version in this project is 4.1.68.Final.
@pablotp pablotp mentioned this issue Dec 31, 2021
Merged
@pablotp
Copy link
Contributor Author

pablotp commented Dec 31, 2021

I've just opened a PR to try fixing it: #1950
Since it is a minor update, I hope it doesn't break anything 🤞

@mp911de
Copy link
Collaborator

mp911de commented Jan 3, 2022

Fixed via #1950

@mp911de mp911de closed this as completed Jan 3, 2022
@mp911de mp911de added the type: dependency-upgrade A dependency upgrade label Jan 3, 2022
@mp911de mp911de added this to the 6.0.9 milestone Jan 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: dependency-upgrade A dependency upgrade
Projects
None yet
Milestone
6.0.9
Development

No branches or pull requests
2 participants
@mp911de @pablotp