Bump netty for CVE-2024-47535 #3241

Merged
merged 3 commits into from
Dec 23, 2024

russwyte
Contributor

@russwyte russwyte commented Dec 8, 2024

Addresses CVE alert I have been getting from github dependabot.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47535

@guizmaii
Member

guizmaii commented Dec 19, 2024

@russwyte I updated to 4.1.116 and it seems that we're using a deprecated method, making the CI fail. Could you have a look, please?

@russwyte
Contributor Author

russwyte commented Dec 19, 2024

> @russwyte I updated to 4.1.116 and it seems that we're using a deprecated method, making the CI fail. Could you have a look, please?

Sure - I will look.

@russwyte
Contributor Author

@guizmaii Fortunately it was an easy fix - just a deprecated method. 👍

@@ -131,7 +131,7 @@ private[zio] class ServerSSLDecoder(sslConfig: SSLConfig, cfg: Server.Config) ex
val httpBehaviour = sslConfig.behaviour
if (in.readableBytes < 5)
()
else if (SslHandler.isEncrypted(in)) {
else if (SslHandler.isEncrypted(in, false)) {
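
Review bot: The literal `false` passed as the new second argument in `else if (SslHandler.isEncrypted(in, false)) {` is a bare boolean with nothing at the call site saying what it switches, and this branch of `ServerSSLDecoder` is the one that decides whether incoming bytes are handled as encrypted traffic. Add a one-line comment above the call stating what the flag controls and why `false` is the intended value, so the choice is reviewable without opening the upstream change, and confirm the unchanged `in.readableBytes < 5` guard is still the right minimum for the two-argument overload.
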
Member

@guizmaii guizmaii Dec 19, 2024

@russwyte Just for my information, what is this false for?

Found the PR making the change: netty/netty#14243

Member

@guizmaii guizmaii left a comment

LGTM

@russwyte
Contributor Author

I just went with the strongly suggested option.

@987Nabil 987Nabil enabled auto-merge (squash) December 23, 2024 05:57
@987Nabil 987Nabil merged commit e6fa725 into zio:main Dec 23, 2024
35 checks passed