Use Netty 4.1.68 which fixes CVE-2021-37136 and CVE-2021-37137 #661

Merged 1 commit on Nov 29, 2021
42 changes: 21 additions & 21 deletions THIRD-PARTY
Expand Up @@ -4322,111 +4322,111 @@ package in the Spring Framework library, distributed by VMware, Inc:

--------------------------------------------------------------------------------

61. Group: io.netty Name: netty-buffer Version: 4.1.61.Final
61. Group: io.netty Name: netty-buffer Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

62. Group: io.netty Name: netty-codec Version: 4.1.61.Final
62. Group: io.netty Name: netty-codec Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

63. Group: io.netty Name: netty-codec-dns Version: 4.1.61.Final
63. Group: io.netty Name: netty-codec-dns Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

64. Group: io.netty Name: netty-codec-haproxy Version: 4.1.61.Final
64. Group: io.netty Name: netty-codec-haproxy Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

65. Group: io.netty Name: netty-codec-http Version: 4.1.61.Final
65. Group: io.netty Name: netty-codec-http Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

66. Group: io.netty Name: netty-codec-http2 Version: 4.1.61.Final
66. Group: io.netty Name: netty-codec-http2 Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

67. Group: io.netty Name: netty-codec-socks Version: 4.1.61.Final
67. Group: io.netty Name: netty-codec-socks Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

68. Group: io.netty Name: netty-common Version: 4.1.61.Final
68. Group: io.netty Name: netty-common Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

69. Group: io.netty Name: netty-handler Version: 4.1.61.Final
69. Group: io.netty Name: netty-handler Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

70. Group: io.netty Name: netty-handler-proxy Version: 4.1.61.Final
70. Group: io.netty Name: netty-handler-proxy Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

71. Group: io.netty Name: netty-resolver Version: 4.1.61.Final
71. Group: io.netty Name: netty-resolver Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

72. Group: io.netty Name: netty-resolver-dns Version: 4.1.61.Final
72. Group: io.netty Name: netty-resolver-dns Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

73. Group: io.netty Name: netty-resolver-dns-native-macos Version: 4.1.61.Final
73. Group: io.netty Name: netty-resolver-dns-native-macos Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

74. Group: io.netty Name: netty-tcnative-boringssl-static Version: 2.0.39.Final
74. Group: io.netty Name: netty-tcnative-boringssl-static Version: 2.0.42.Final

Embedded license:

Expand Down Expand Up @@ -4690,23 +4690,23 @@ This product contains code from boringssl.

--------------------------------------------------------------------------------

75. Group: io.netty Name: netty-transport Version: 4.1.61.Final
75. Group: io.netty Name: netty-transport Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

76. Group: io.netty Name: netty-transport-native-epoll Version: 4.1.61.Final
76. Group: io.netty Name: netty-transport-native-epoll Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

POM License: Apache License, Version 2.0 - https://www.apache.org/licenses/LICENSE-2.0

--------------------------------------------------------------------------------

77. Group: io.netty Name: netty-transport-native-unix-common Version: 4.1.61.Final
77. Group: io.netty Name: netty-transport-native-unix-common Version: 4.1.68.Final

Manifest Project URL: https://netty.io/

Expand Down Expand Up @@ -19636,7 +19636,7 @@ POM License: MIT License - https://opensource.org/licenses/MIT

--------------------------------------------------------------------------------

129. Group: org.eclipse.collections Name: eclipse-collections Version: 11.0.0.M6
129. Group: org.eclipse.collections Name: eclipse-collections Version: 11.0.0

Manifest Project URL: https://github.com/eclipse/eclipse-collections/eclipse-collections
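
Review bot: Entries 129 to 131 move eclipse-collections, eclipse-collections-api and eclipse-collections-forkjoin from 11.0.0.M6 to 11.0.0, which the title of this change (Netty 4.1.68) does not cover and which neither build.gradle hunk on this page accounts for. If the regenerated report is simply picking up an earlier version bump, say so in the description; otherwise regenerate THIRD-PARTY in its own commit so the Netty CVE fix can be reviewed and backported on its own.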

Expand All @@ -19648,7 +19648,7 @@ POM License: Eclipse Public License - v 1.0 - https://www.eclipse.org/legal/epl-

--------------------------------------------------------------------------------

130. Group: org.eclipse.collections Name: eclipse-collections-api Version: 11.0.0.M6
130. Group: org.eclipse.collections Name: eclipse-collections-api Version: 11.0.0

Manifest Project URL: https://github.com/eclipse/eclipse-collections/eclipse-collections-api

Expand All @@ -19660,7 +19660,7 @@ POM License: Eclipse Public License - v 1.0 - https://www.eclipse.org/legal/epl-

--------------------------------------------------------------------------------

131. Group: org.eclipse.collections Name: eclipse-collections-forkjoin Version: 11.0.0.M6
131. Group: org.eclipse.collections Name: eclipse-collections-forkjoin Version: 11.0.0

POM License: Eclipse Distribution License - v 1.0 - https://www.eclipse.org/licenses/edl-v10.html

Expand Down Expand Up @@ -28237,5 +28237,5 @@ POM License: The Apache License, Version 2.0 - http://www.apache.org/licenses/LI
--------------------------------------------------------------------------------


This report was generated at Fri Nov 19 13:08:30 CST 2021.
This report was generated at Mon Nov 29 09:27:26 CST 2021.

12 changes: 10 additions & 2 deletions build.gradle
Expand Up @@ -65,6 +65,14 @@ subprojects {
because 'We want the newest version of httpclient.'
}
}
constraints {
implementation('io.netty:netty-tcnative-boringssl-static') {
version {
require '2.0.42.Final'
}
because 'Netty 4.1.66+ requires new classes and methods in this version.'
}
}
}
test {
useJUnitPlatform()
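
Review bot: In the new constraints block, `require '2.0.42.Final'` is a lower bound in Gradle's rich version syntax, not a pin, so a dependency asking for a newer netty-tcnative-boringssl-static would still win conflict resolution, while the other io.netty modules are forced to one exact version in the eachDependency rule of the next hunk. If the pairing with that Netty version is meant to be exact, use `strictly '2.0.42.Final'`; if a floor is intended, state that in the `because` text. The `because` string ties this to "Netty 4.1.66+", but the two versions live in separate places, so a short comment pointing at the eachDependency rule would keep them from drifting on the next bump.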
Expand All @@ -73,8 +81,8 @@ subprojects {
configurations.all {
resolutionStrategy.eachDependency { def details ->
if (details.requested.group == 'io.netty' && !details.requested.name.startsWith('netty-tcnative')) {
details.useVersion '4.1.61.Final'
details.because 'includes CVE fix'
details.useVersion '4.1.68.Final'
details.because 'Fixes CVE-2021-37136 and CVE-2021-37137. See https://netty.io/news/2021/09/09/4-1-68-Final.html'
}
}
}
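
Review bot: The literal '4.1.68.Final' is hardcoded inside the eachDependency closure, and the condition `details.requested.group == 'io.netty' && !details.requested.name.startsWith('netty-tcnative')` applies it to every other artifact in that group. Consider moving the version into a single named property (a hypothetical `ext.nettyVersion`, for example) so that the next CVE-driven bump is a one-line change and the tcnative constraint above can refer to it. The new `because` text naming CVE-2021-37136 and CVE-2021-37137 with the release-notes link is a good replacement for 'includes CVE fix'; keep that level of detail on future bumps.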