Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump: Netty 4.1.89 due to CVE-2022-41915 #355

Merged
merged 3 commits into from
Feb 16, 2023
Merged

bump: Netty 4.1.89 due to CVE-2022-41915 #355

merged 3 commits into from
Feb 16, 2023

Conversation

patriknw
Copy link
Member

No description provided.

patriknw
patriknw commented Feb 14, 2023
View reviewed changes
project/Dependencies.scala Outdated
// FIXME remove this when r2dbc-postgresql includes a later Netty version
val nettyHandlerProxy = "io.netty" % "netty-handler-proxy" % NettyVersion
val nettyResolverDns = "io.netty" % "netty-resolver-dns" % NettyVersion
val nettyResolverDnsMacos = "io.netty" % "netty-resolver-dns-macos" % NettyVersion classifier "osx-x86_64"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the dns-macos classifier doesn't work for me, still 4.1.84.Final according to dependencyTree

additionally, might also need osx-aarch_64 for M1

I'm not sure it will work to override the transitive dependency with classifier?

@patriknw patriknw marked this pull request as ready for review February 15, 2023 09:19
patriknw
patriknw commented Feb 15, 2023
View reviewed changes
project/Dependencies.scala Outdated
// FIXME remove this when r2dbc-postgresql includes a later Netty version
val nettyHandlerProxy = "io.netty" % "netty-handler-proxy" % NettyVersion
val nettyResolverDns = "io.netty" % "netty-resolver-dns" % NettyVersion
val nettyResolverDnsMacos = "io.netty" % "netty-resolver-dns-native-macos" % NettyVersion classifier "osx-x86_64" classifier "osx-aarch_64"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had problem with this first, but I had not used the right artifact name. Seems like the build is not failing when using classifier. Anyway, this works, and generates pom:

<dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-resolver-dns-native-macos</artifactId>
            <version>4.1.89.Final</version>
            <classifier>osx-aarch_64</classifier>
        </dependency>
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-resolver-dns-native-macos</artifactId>
            <version>4.1.89.Final</version>
            <classifier>osx-x86_64</classifier>
        </dependency>

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran tests on m1 against Postgres, seems to work fine! 👍

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for verifying that

@patriknw
Copy link
Member Author

Also PR upstream: pgjdbc/r2dbc-postgresql#584

@patriknw patriknw merged commit f24b351 into main Feb 16, 2023
@patriknw patriknw deleted the wip-netty-patriknw branch February 16, 2023 08:22
@ennru ennru mentioned this pull request Feb 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanandren johanandren johanandren approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@patriknw @johanandren