Upgrade netty version to fix CVE #17515

ashibhardwaj · 2024-11-27T06:40:46Z

Upgrading Netty from version 4.1.108.Final to 4.1.115.Final to fix CVE-2024-47535.

Refer: https://avd.aquasec.com/nvd/cve-2024-47535
(netty: Denial of Service attack on windows app using Netty)

cryptoe

Will merge post a clean run of CICD

ashibhardwaj · 2024-11-29T08:55:36Z

@cryptoe can you confirm if the above tests are failing due to transient errors? I noticed that different tests have been failing for subsequent runs.

Error: ``` Error: found 2 missing licenses. These licenses are reported, but missing in the registry druid_module: azure-extensions, groupId: io.netty, artifactId: netty-tcnative-boringssl-static, version: 2.0.69.Final, license: Apache License version 2.0 druid_module: azure-extensions, groupId: io.netty, artifactId: netty-tcnative-classes, version: 2.0.69.Final, license: Apache License version 2.0 ```

Upgrade netty version to fix CVE

b85c8bc

github-actions bot added the Area - Dependencies label Nov 27, 2024

cryptoe approved these changes Nov 27, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade netty version to fix CVE #17515

Upgrade netty version to fix CVE #17515

ashibhardwaj commented Nov 27, 2024

cryptoe left a comment

ashibhardwaj commented Nov 29, 2024

Upgrade netty version to fix CVE #17515

Are you sure you want to change the base?

Upgrade netty version to fix CVE #17515

Conversation

ashibhardwaj commented Nov 27, 2024

cryptoe left a comment

Choose a reason for hiding this comment

ashibhardwaj commented Nov 29, 2024