From b3ca59db8aa5a5c1981730803dada936d3c7dd19 Mon Sep 17 00:00:00 2001 From: Moritz Heidkamp Date: Mon, 22 Aug 2022 18:38:25 +0200 Subject: [PATCH] Update Netty to 4.1.79.Final 4.1.77.Final shipped a fix for CVE-2022-24823. While that vulnerability only affects Java 6 and lower which Clojure doesn't even support, it's still reported by tools like `nvd-clojure`. Thus, bumping to the latest minor version relieves downstream users from having to suppress such false positives. Also included are various smaller bug fixes and improvements. A selection of particularly interesting ones for Aleph users: * https://github.com/netty/netty/pull/12108 * https://github.com/netty/netty/pull/12246 * https://github.com/netty/netty/pull/12270 * https://github.com/netty/netty/pull/12476 * https://github.com/netty/netty/pull/12490 * https://github.com/netty/netty/pull/12533 --- project.clj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project.clj b/project.clj index 374a9087..903a243d 100644 --- a/project.clj +++ b/project.clj @@ -1,4 +1,4 @@ -(def netty-version "4.1.74.Final") +(def netty-version "4.1.79.Final") (defproject aleph (or (System/getenv "PROJECT_VERSION") "0.5.0") :description "A framework for asynchronous communication"