Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3 (#11844)

* bump netty4 to 4.1.68

* suppress CVE-2021-37136 and CVE-2021-37137 for netty3

* license
Jihoon Son 2021-10-26 00:09:15 -04:00 committed by GitHub
parent f2106d7621
commit 07a232d7b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 12 deletions


@ -1228,7 +1228,7 @@ name: Netty
license_category: binary
module: java-core
license_name: Apache License version 2.0
version: 4.1.63.Final
version: 4.1.68.Final
libraries:
- io.netty: netty-buffer
- io.netty: netty-codec


@ -162,6 +162,8 @@
<cve>CVE-2019-16869</cve>
<cve>CVE-2019-20444</cve>
<cve>CVE-2019-20445</cve>
<cve>CVE-2021-37136</cve>
<cve>CVE-2021-37137</cve>
</suppress>
<suppress>
<!-- TODO: Fix by upgrading hadoop-auth version -->
@ -286,16 +288,18 @@
<cve>CVE-2019-17571</cve>
</suppress>
<suppress>
<!--
- TODO: The lastest version of ambari-metrics-common is 2.7.0.0.0, released in July 2018.
-->
<notes><![CDATA[
file name: ambari-metrics-common-2.7.0.0.0.jar (shaded: io.netty:netty:3.10.5.Final)
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.netty/netty@3.10.5.Final$</packageUrl>
<cve>CVE-2019-16869</cve>
<cve>CVE-2019-20444</cve>
<cve>CVE-2019-20445</cve>
<!--
- TODO: The lastest version of ambari-metrics-common is 2.7.0.0.0, released in July 2018.
-->
<notes><![CDATA[
file name: ambari-metrics-common-2.7.0.0.0.jar (shaded: io.netty:netty:3.10.5.Final)
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.netty/netty@3.10.5.Final$</packageUrl>
<cve>CVE-2019-16869</cve>
<cve>CVE-2019-20444</cve>
<cve>CVE-2019-20445</cve>
<cve>CVE-2021-37136</cve>
<cve>CVE-2021-37137</cve>
</suppress>
<suppress>
<!--
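Review bot: The two `<cve>` entries added to each `<suppress>` block carry no recorded reason why CVE-2021-37136 and CVE-2021-37137 are acceptable for netty3, so a later reader cannot tell an assessed risk from a silenced scanner finding. In the ambari-metrics-common block the only context is the file-name note and the TODO about the library's last release; I would add a comment such as `<!-- CVE-2021-37136/37137 (netty Bzip2/Snappy decoders): <why not reachable or accepted here>; re-check when ambari-metrics-common is upgraded -->`. Opening the block with `<suppress until="YYYY-MM-DDZ">` (placeholder date) would make dependency-check report the findings again after that date instead of hiding them indefinitely. The first block (hunk at line 162) starts outside the hunk, so its notes and package match are not visible here and it may already carry a rationale for the older CVEs.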


@ -100,7 +100,7 @@
<mysql.version>5.1.48</mysql.version>
<mariadb.version>2.7.3</mariadb.version>
<netty3.version>3.10.6.Final</netty3.version>
<netty4.version>4.1.63.Final</netty4.version>
<netty4.version>4.1.68.Final</netty4.version>
<postgresql.version>42.2.14</postgresql.version>
<protobuf.version>3.11.0</protobuf.version>
<resilience4j.version>1.3.1</resilience4j.version>