async-http-client icon indicating copy to clipboard operation
async-http-client copied to clipboard

Published 20 hours ago verified publisher icon AsyncHttpClient

Updating netty.version to latest to fix a vulnerability

Open ronanwatkins opened this issue 2 years ago • 5 comments

More detail: https://app.snyk.io/vuln/SNYK-JAVA-IONETTY-1584063

ronanwatkins avatar Oct 14 '21 15:10 ronanwatkins

@ronanwatkins The latest version is now 4.1.69.Final, could you maybe update your PR, please?

Once this is done, @TomGranot would it be possible for you to publish a new version, please?

guizmaii avatar Oct 19 '21 05:10 guizmaii

@ronanwatkins The latest version is now 4.1.69.Final, could you maybe update your PR, please?

Once this is done, @TomGranot would it be possible for you to publish a new version, please?

Sure, I've updated it to the latest version.

ronanwatkins avatar Oct 19 '21 07:10 ronanwatkins

I also updated the netty version in this PR but added the new client codec options to the httpClientCodec client. in : #1804

borissmidt avatar Oct 20 '21 10:10 borissmidt

Any reason why this can't be merged?

ronanwatkins avatar Oct 26 '21 07:10 ronanwatkins

it seems it hasn't been accepted yet. nor is my branch 'accepted'. I guess we have to be patient.

borissmidt avatar Oct 26 '21 08:10 borissmidt

4.1.85.Final is released, when will this get merged?

Dieken avatar Nov 10 '22 11:11 Dieken

@hyperxpro why close? It’s not resolved, it’s a security issue.

Dieken avatar Dec 28 '22 16:12 Dieken

@hyperxpro why close? It’s not resolved, it’s a security issue.

New major release will use latest Netty version. Checkout develop branch.

hyperxpro avatar Dec 29 '22 12:12 hyperxpro