mariusssi

Results 4 comments of mariusssi

I tried deploying without the netty jar, but Pinpoint RPC failed to be initialized (and it's true io.netty is a dependency in it)

```
Caused by: java.lang.NoClassDefFoundError: org/jboss/netty/channel/socket/nio/WorkerPool
	at pinpoint.agent/pinpoint.agent/com.navercorp.pinpoint.rpc.ClassPreLoader.preload(ClassPreLoader.java:46)
...
```

Hi. What about https://nvd.nist.gov/vuln/detail/CVE-2020-11987 ? Fix: batik 1.14

CVE-2022-21724 in postgresql, not fixed in [9.4.0.0-79](https://mvnrepository.com/artifact/pentaho-kettle/kettle-engine/9.4.0.0-79)

If upgrade is not possible, there is a mitigation mentioned in that CVE page, I believe like this: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html Please clarify if this is already done, [this](https://github.com/pentaho/pentaho-platform/blob/9c4ee216f720cac22e03e29a84ae7180aec4aa12/core/src/main/java/org/pentaho/platform/util/xml/XMLParserFactoryProducer.java#L51) file looks...