
hazelcast 4.2.8 has HIGH severity CVEs

Open · JSchering opened this issue 2 months ago · 1 comment

Version

vert.x 4.5.7

Context

Vertx 4.5.7 uses hazelcast 4.2.8, which has a number of high-severity CVEs. Our security team is requiring these to be resolved. We would like to request vertx 4 to move to version 5.3.5 or above for hazelcast to remediate these CVEs.

CVE-2023-33265 (Maven Central Hazelcast CVE)

JSchering avatar May 02 '24 17:05 JSchering

@JSchering thanks, we are going to investigate this.

vietj avatar May 03 '24 11:05 vietj

vertx 4.x is already tested with HZ 5.3.5, so I think it is only a matter of not recommending HZ 4 by default in the doc and perhaps in the pom file.

vietj avatar May 17 '24 11:05 vietj

You can see that in CI: https://github.com/vert-x3/vertx-hazelcast/actions/runs/9122777742

vietj avatar May 17 '24 11:05 vietj
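The remediation the thread converges on, as an added example that is not part of this issue or of the vertx-hazelcast project: a consumer build that keeps vertx-hazelcast 4.5.7 but overrides the transitive hazelcast 4.2.8 with 5.3.5 through Maven `dependencyManagement`. The `com.example` coordinates are placeholders; the only assumption beyond the thread is that the consuming project builds with Maven.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the vertx-hazelcast project). -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <!-- Placeholder coordinates for the consuming application. -->
  <groupId>com.example</groupId>
  <artifactId>hazelcast-override-example</artifactId>
  <version>0.1.0-SNAPSHOT</version>

  <dependencyManagement>
    <dependencies>
      <!-- dependencyManagement takes precedence over the version that
           vertx-hazelcast 4.5.7 declares transitively (4.2.8), so every
           path to com.hazelcast:hazelcast resolves to 5.3.5, the version
           the thread states vertx 4.x is already tested against. -->
      <dependency>
        <groupId>com.hazelcast</groupId>
        <artifactId>hazelcast</artifactId>
        <version>5.3.5</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- Unchanged: the vertx-hazelcast version from the issue. -->
    <dependency>
      <groupId>io.vertx</groupId>
      <artifactId>vertx-hazelcast</artifactId>
      <version>4.5.7</version>
    </dependency>
  </dependencies>
</project>
```

Confirm the override actually took effect with `mvn dependency:tree -Dincludes=com.hazelcast`, which should list only hazelcast 5.3.5 and no remaining 4.2.8 path; a scanner that still flags 4.2.8 after this is usually reading a stale lockfile or a separately pinned version elsewhere in the build.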

That would be great thank you.

JSchering avatar May 20 '24 16:05 JSchering