Skip to content

[CVE-2023-34462] - Upgrade netty from 4.1.86 to 4.1.94 #4133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 27, 2023
Merged

[CVE-2023-34462] - Upgrade netty from 4.1.86 to 4.1.94 #4133

merged 4 commits into from
Jun 27, 2023

Conversation

raphaelmatori
Copy link
Contributor

Deals with CVE-2023-34462

This is found in owasp dependency scanner maven plugin in our local build, and according to security advisories it should be fixed in the latest version (4.1.94).

Motivation and Context

Modifications

Upgrading as instructed in pom.xml . Looks like this is what was done last time netty was upgraded in #3628 and approved by @davidh44

Testing

N/A

Screenshots (if appropriate)

N/A

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@raphaelmatori raphaelmatori requested a review from a team as a code owner June 24, 2023 07:07
@debora-ito
Copy link
Member

@raphaelmatori thank you for the PR. I'll start the test builds.

@debora-ito debora-ito enabled auto-merge (squash) June 27, 2023 01:06
@debora-ito debora-ito merged commit 370f888 into aws:master Jun 27, 2023
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

L-Applin pushed a commit that referenced this pull request Jul 24, 2023
@raphaelmatori @debora-ito @L-Applin
Upgrade netty from 4.1.86 to 4.1.94 (#4133)
ccded28 
Co-authored-by: Debora N. Ito <[email protected]>
@debora-ito debora-ito mentioned this pull request Sep 14, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@debora-ito debora-ito debora-ito approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@raphaelmatori @debora-ito