vertx-hazelcast
vertx-hazelcast copied to clipboard
hazelcast 4.2.8 has HIGH severity CVEs
Version
vert.x 4.5.7
Context
Vertx 4.5.7 uses hazelcast 4.2.8 which has a number of high severity CVEs. Our security team is requiring these to be resolved. We would like to request vertx 4 to move to version 5.3.5 or above for hazelcast to remediate these CVEs
@JSchering thanks we are going to investigate this
vertx 4.x is already tested with HZ 5.3.5 so I think it is only a matter of not recommending HZ 4 by default in the doc and perhaps in the pom file
you can see that in CI https://github.com/vert-x3/vertx-hazelcast/actions/runs/9122777742
That would be great thank you.