Commit
Fix for vulnerabilities reported by Snyk (#1121)
* Fix for HTTP Request Smuggling
Vulnerable module: io.netty:netty-codec-http
Introduced through: io.reactivex:rxnetty-http@0.5.2 and io.reactivex:rxnetty-spectator-http@0.5.2
Exploit maturity: No known exploit

* Fix for Deserialization of Untrusted Data
Vulnerable module: com.google.guava:guava
Introduced through: com.netflix.ribbon:ribbon-core@2.3.0 and com.netflix.ribbon:ribbon-loadbalancer@2.3.0
Exploit maturity: No known exploit

https://app.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236
velo committed Nov 24, 2019
1 parent ad8c919 commit 2087d4b
Showing 3 changed files with 30 additions and 8 deletions.
21 changes: 13 additions & 8 deletions benchmark/pom.xml
Expand Up @@ -27,15 +27,22 @@
<name>Feign Benchmark (JMH)</name>

<properties>
<jmh.version>1.20</jmh.version>
<!-- override default bytecode version for src/main from parent pom -->
<main.java.version>1.8</main.java.version>
<main.signature.artifact>java18</main.signature.artifact>
<jmh.version>1.22</jmh.version>
<main.basedir>${project.basedir}/..</main.basedir>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-bom</artifactId>
<version>4.1.43.Final</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>

<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
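Review bot: the netty-bom import is the right way to pin netty-codec-http, but this hunk also bundles changes the commit message does not mention: jmh.version moves from 1.20 to 1.22, and the main.java.version / main.signature.artifact properties (which the deleted comment says override the parent pom) are replaced by maven.compiler.source / maven.compiler.target. Either list those in the message or split them out so the security bump stays reviewable on its own, and confirm the parent pom no longer reads main.signature.artifact, otherwise its bytecode signature check silently changes. Since dependencyManagement also governs transitive versions, `mvn dependency:tree -Dincludes=io.netty` is the quick check that netty-codec-http now resolves to 4.1.43.Final through rxnetty-http.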
Expand Down Expand Up @@ -84,7 +91,6 @@
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-buffer</artifactId>
<version>4.1.5.Final</version>
<scope>compile</scope>
</dependency>
<dependency>
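Review bot: dropping the hard-coded <version>4.1.5.Final</version> is correct now that the BOM is imported, and it is what keeps netty-buffer on the same 4.1.43.Final line as the codec artifacts instead of mixing netty versions. Worth a pass over the rest of this pom for any other io.netty dependency that still carries an explicit version, since a direct version on a dependency overrides the managed one for that artifact.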
Expand All @@ -107,7 +113,6 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
</dependency>

</dependencies>

<build>
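Review bot: this hunk only removes a blank line before </dependencies>; a whitespace-only change is noise in a security fix and is better left out or moved to a formatting commit.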
6 changes: 6 additions & 0 deletions hystrix/pom.xml
Expand Up @@ -44,6 +44,12 @@
<artifactId>hystrix-core</artifactId>
<version>1.5.18</version>
</dependency>

<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>24.1.1-jre</version>
</dependency>
</dependencies>
</dependencyManagement>
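Review bot: pinning guava 24.1.1-jre here duplicates the identical block added to ribbon/pom.xml in this commit; the version belongs in the parent pom's dependencyManagement (or a shared property) so the two modules cannot drift apart on the next guava advisory. Also, a managed version only takes effect if guava actually enters this module's graph; the commit message names ribbon-core and ribbon-loadbalancer as the path, so `mvn dependency:tree -Dincludes=com.google.guava` run in the hystrix module should show 24.1.1-jre, otherwise this block is dead weight.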

11 changes: 11 additions & 0 deletions ribbon/pom.xml
Expand Up @@ -32,6 +32,16 @@
<ribbon-version>2.3.0</ribbon-version>
</properties>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>24.1.1-jre</version>
</dependency>
</dependencies>
</dependencyManagement>

<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
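Review bot: same guava 24.1.1-jre pin as hystrix/pom.xml; consolidate it in the parent rather than repeating it per module. Managing guava to 24.1.1-jre also overrides whatever version ribbon-core@2.3.0 and ribbon-loadbalancer@2.3.0 were built against, so the ribbon module's tests are the place to catch a binary incompatibility between ribbon 2.3.0 and the newer guava before this ships.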
Expand Down Expand Up @@ -63,4 +73,5 @@
<scope>test</scope>
</dependency>
</dependencies>

</project>

0 comments on commit 2087d4b