Skip to content

Commit

Permalink
Upgrade netty dependencies to address CVE-2024-47535
Browse files Browse the repository at this point in the history 
Upgrade the netty dependencies to resolve CVE-2024-47535
If implemented this will:
Upgrade the netty dependencies to 4.1.115.Final
  • Loading branch information
@infvg @tdcmeehan
infvg authored and tdcmeehan committed Dec 9, 2024
1 parent cfb487c commit 5013e2e
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 7 deletions.
11 changes: 8 additions & 3 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@
<dep.avro.version>1.11.4</dep.avro.version>
<dep.commons.compress.version>1.26.2</dep.commons.compress.version>
<dep.protobuf-java.version>3.25.5</dep.protobuf-java.version>
<dep.netty.version>4.1.115.Final</dep.netty.version>
<dep.snakeyaml.version>2.0</dep.snakeyaml.version>

<!--
Expand Down Expand Up @@ -209,10 +210,12 @@
<dependencies>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-handler</artifactId>
<version>4.1.107.Final</version>
<artifactId>netty-bom</artifactId>
<version>${dep.netty.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<dependency>
<groupId>com.facebook.presto</groupId>
<artifactId>presto-testing-docker</artifactId>
Expand Down Expand Up @@ -2339,6 +2342,8 @@
<ignoredClassPatterns combine.children="append">
<!-- Duplicate class is being brought in by commons-io & log4j-api -->
<ignoredClassPattern>META-INF.versions.9.module-info</ignoredClassPattern>
<!-- Duplicate class is being brought in by several netty dependencies-->
<ignoredClassPattern>META-INF.versions.11.module-info</ignoredClassPattern>
</ignoredClassPatterns>
</configuration>
</plugin>
Expand Down
4 changes: 0 additions & 4 deletions redis-hbo-provider/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
<properties>
<air.main.basedir>${project.parent.basedir}</air.main.basedir>
<lettuce.version>6.2.4.RELEASE</lettuce.version>
<netty.version>4.1.115.Final</netty.version>
</properties>

<artifactId>redis-hbo-provider</artifactId>
Expand All @@ -22,19 +21,16 @@
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-common</artifactId>
<version>${netty.version}</version>
</dependency>

<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-handler</artifactId>
<version>${netty.version}</version>
</dependency>

<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport</artifactId>
<version>${netty.version}</version>
</dependency>

<dependency>
Expand Down

0 comments on commit 5013e2e

Please sign in to comment.