New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade Netty to 4.1.78.Final #26211
Comments
We do plan to do this soon, but it needs to be tested with Vert.x |
cc @cescoffier |
We won't bump for now. We have found a graalvm bug that prevent native compilation. |
@cescoffier @geoand @dhoffer I was about to report a similar issue while reviewing the issues for Keycloak, when I found this ticket. The issue should be considered as low-impact considering that only Java 6, or below are impacted. More details here: https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-2812456 |
Yes, I am aware of the CVE, but let's say that Java 6 is slightly out of scope :-). |
Closed via #26294 |
Description
We are getting security scan failures with the current Netty 4.1.74.Final, I see there is a 4.1.78.Final available. I have not verified they are fixed in 4.1.78.Final but seems Quarkus should always move to the latest service pack version to pickup bug fixes.
Implementation ideas
No response
The text was updated successfully, but these errors were encountered: