fixing CVE critical issues by resolving kerby/jline and wildfly libraries #12566
Conversation
xiangfu0
commented
Mar 6, 2024
xiangfu0
commented
- Remove io.netty:netty library
- Consolidate org.apache.kerby:kerb-core and org.apache.kerby:kerb-simplekdc version to 2.0.3
- Consolidate org.jline:jline version to 3.22.0
- Consolidate org.wildfly.common:wildfly-common version to 1.5.4.Final
| @@ -857,6 +860,10 @@ | |||
| <groupId>commons-logging</groupId> | |||
| <artifactId>commons-logging</artifactId> | |||
| </exclusion> | |||
| <exclusion> | |||
There was a problem hiding this comment.
Do we need to exclude netty? We have netty-bom in the dependency
There was a problem hiding this comment.
We are using io.netty:netty-all:jar:4.1.107.Final, this is older dependency.
There was a problem hiding this comment.
I don't follow. Since we have netty explicitly configured, it should pull the new netty, and there should be no need to exclude it
There was a problem hiding this comment.
Figured that netty is the old netty-all which is already deprecated, so it should be safe to exclude
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #12566 +/- ##
============================================
- Coverage 61.75% 61.58% -0.17%
Complexity 207 207
============================================
Files 2436 2451 +15
Lines 133233 133730 +497
Branches 20636 20704 +68
============================================
+ Hits 82274 82355 +81
- Misses 44911 45267 +356
- Partials 6048 6108 +60
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
xiangfu0
force-pushed
the
fixing-cve-more
branch
from
3274e9b to
5ddecfd
Compare
