From 8163b2509512b07ef560019a3a7948a7dbf7ef36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Pupier?= Date: Tue, 17 Oct 2023 14:48:44 +0200 Subject: [PATCH] Upgrade and Pin Netty 4.1.100.Final MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - it is a dependency of Zookeeper - Netty 4.1.100.Final contains a fix for important CVE - Citrus is then affected but given the context of usage of Citrus with good chance of not being vulnerable - Zookeeper has not integrated the fixed version yet - Pinning here will avoid having Citrus to be flagged and ease integration for consumers of Citrus Signed-off-by: Aurélien Pupier --- endpoints/citrus-zookeeper/pom.xml | 9 +++++++++ pom.xml | 12 ++++++++++++ 2 files changed, 21 insertions(+) diff --git a/endpoints/citrus-zookeeper/pom.xml b/endpoints/citrus-zookeeper/pom.xml index 14fa18982b..b24c991453 100644 --- a/endpoints/citrus-zookeeper/pom.xml +++ b/endpoints/citrus-zookeeper/pom.xml @@ -62,6 +62,15 @@ org.apache.zookeeper zookeeper + + io.netty + netty-handler + + + io.netty + netty-transport-native-epoll + linux-x86_64 + io.dropwizard.metrics metrics-core diff --git a/pom.xml b/pom.xml index 2a943e6b00..8d3380f496 100644 --- a/pom.xml +++ b/pom.xml @@ -223,6 +223,7 @@ 2.20.0 5.6.0 3.1.0 + 4.1.100.Final 4.11.0 3.0.2 4.13.0 @@ -986,6 +987,17 @@ ${jakarta.validation.version} + + io.netty + netty-handler + ${netty.version} + + + io.netty + netty-transport-native-epoll + linux-x86_64 + ${netty.version} + org.apache.zookeeper zookeeper