Bump Netty to 4.1.108.Final due to CVE-2024-29025

Open petarov opened this issue 1 year ago • 2 comments

This is a simple PR that bumps Netty to 4.1.108.Final. Unit tests seem to run without any issues.

Background:

One of my projects uses Pushy and I'm required to compose an SBOM of all dependencies when shipping builds. CVE-2024-29025 was reported due to Pushy's dependency on Netty.

Vulnerability reported in 0.15.4:

NAME              INSTALLED      FIXED-IN       TYPE          VULNERABILITY        SEVERITY 
netty-codec-http  4.1.104.Final  4.1.108.Final  java-archive  GHSA-5jpm-x58v-624v  Medium

See https://github.com/advisories/GHSA-5jpm-x58v-624v

petarov, Jun 13 '24 08:06
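An added example, not part of the PR or of Pushy: a small gate that parses the report format quoted above and checks whether each finding is cleared by the versions a new build actually resolves. The `resolved` mapping is an assumed input (for instance, read from the SBOM of the build after the bump), and the function names are hypothetical.

```python
import re

# The header and row are the report quoted in the PR description.
REPORT = """\
NAME              INSTALLED      FIXED-IN       TYPE          VULNERABILITY        SEVERITY
netty-codec-http  4.1.104.Final  4.1.108.Final  java-archive  GHSA-5jpm-x58v-624v  Medium
"""


def version_key(version):
    """Turn '4.1.108.Final' into (4, 1, 108) so versions compare numerically.

    Plain string comparison would rank '4.1.99.Final' above '4.1.108.Final'.
    """
    parts = []
    for piece in version.split("."):
        if not piece.isdigit():
            break  # stop at a qualifier such as 'Final'
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"no numeric components in {version!r}")
    return tuple(parts)


def parse_report(text):
    """Parse the column-aligned table into one dict per finding."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = [h.lower() for h in re.split(r"\s{2,}", lines[0].strip())]
    rows = []
    for line in lines[1:]:
        cells = re.split(r"\s{2,}", line.strip())
        if len(cells) != len(header):
            # e.g. an empty FIXED-IN cell; refuse to guess the column layout
            raise ValueError(f"unexpected column count: {line!r}")
        rows.append(dict(zip(header, cells)))
    return rows


def unresolved(findings, resolved):
    """Return (name, current, fixed_in) for findings still below FIXED-IN.

    `resolved` maps package name -> version in the new build (assumed input).
    A package missing from `resolved` is treated as unchanged.
    """
    pending = []
    for finding in findings:
        current = resolved.get(finding["name"], finding["installed"])
        if version_key(current) < version_key(finding["fixed-in"]):
            pending.append((finding["name"], current, finding["fixed-in"]))
    return pending
```
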