Update netty to 4.1.72.Final #8781
Labels
Comments
|
This is in progress, see #8780. |
|
Closing as a duplicate of #8617 (yes, that is to upgrade to an older version of Netty, but our intention is to upgrade to 4.1.72; this can be re-opened if we don't end up upgrading to 4.1.72). Note that we recommend using grpc-netty-shaded is not vulnerable to the mentioned vulnerabilities. When using grpc-netty, you are free to use newer versions of Netty, but recognize that regressions/incompatibilities are not as rare as we'd hope. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
What version of gRPC-Java are you using?
https://github.com/grpc/grpc-java/releases/tag/v1.43.1
What is your environment?
Ubuntu 20.04.3 (Azure pipelines)
PaloAltoNetworks' Prisma Cloud Scan shows some vulnerabilities in netty-codec.
The version 4.1.68.Final and later has not any high severity issues. And the 4.1.71.Final and later has none.
Vulnerabilities fixed in 4.1.68.Final: https://snyk.io/vuln/maven:io.netty%3Anetty-codec
Vulnerability fixed in 4.1.71.Final: https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-2314893
The text was updated successfully, but these errors were encountered: