CVE-2022-41881 and CVE-2022-41915 in netty #33556

Closed
zhudaxi opened this issue Dec 20, 2022 · 2 comments
Labels
status: superseded An issue that has been superseded by another

zhudaxi commented Dec 20, 2022

CVE-2022-41881
CVE-2022-41915
Netty versions prior to 4.1.86.Final are vulnerable to the above CVEs, and currently the highest spring-boot-dependencies version, 2.7.6, includes netty version 4.1.85.Final.
Could you please upgrade the netty version? Thanks.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 20, 2022
@scottfrederick
Contributor

Thanks for getting in touch. We have a semi-automated process for dependency upgrades that we will use to upgrade all relevant dependencies before the next releases.

In the meantime, you can use the appropriate build properties to override the managed version to the latest version as shown in the documentation.

@scottfrederick removed the status: waiting-for-triage label Dec 20, 2022
@scottfrederick closed this as not planned Dec 20, 2022
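
A check to run after overriding the managed version as suggested above (for Netty the Spring Boot build property is `netty.version`), added here as an example and not part of the original thread or of Spring Boot: it scans `mvn dependency:list` output for `io.netty` artifacts older than 4.1.86.Final, the threshold given in the issue. The function names and the sample output are constructed for illustration.

```python
import re

# Per the issue text, Netty releases before 4.1.86.Final are the affected ones.
FIXED = (4, 1, 86)

def numeric_version(version):
    """'4.1.85.Final' -> (4, 1, 85); the trailing qualifier is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    return tuple(int(p) for p in m.groups()) if m else None

def outdated_netty(dependency_list_output):
    """Return sorted (artifact, version) pairs for io.netty artifacts below FIXED."""
    found = set()
    for line in dependency_list_output.splitlines():
        for token in line.split():
            # Coordinates look like group:artifact:type[:classifier]:version:scope
            parts = token.split(":")
            if len(parts) not in (5, 6) or parts[0] != "io.netty":
                continue
            artifact, version = parts[1], parts[-2]
            # netty-tcnative uses its own 2.0.x numbering, so the 4.1.x
            # threshold does not apply to it.
            if artifact.startswith("netty-tcnative"):
                continue
            parsed = numeric_version(version)
            # An unparseable version is reported rather than silently passed.
            if parsed is None or parsed < FIXED:
                found.add((artifact, version))
    return sorted(found)

# Constructed sample of `mvn dependency:list` output (not from a real build).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.boot:spring-boot-starter-webflux:jar:2.7.6:compile
[INFO]    io.netty:netty-codec-http:jar:4.1.85.Final:compile
[INFO]    io.netty:netty-handler:jar:4.1.86.Final:compile -- module io.netty.handler [auto]
[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.85.Final:compile
[INFO]    io.netty:netty-tcnative-classes:jar:2.0.54.Final:compile
"""

if __name__ == "__main__":
    for artifact, version in outdated_netty(SAMPLE):
        print(f"{artifact} {version} is older than 4.1.86.Final")
```

An empty result means every resolved `io.netty` artifact is at or above the threshold; any remaining entry usually points to a dependency that pins its own Netty version outside the managed property.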
@scottfrederick
Contributor

See #33580

@scottfrederick scottfrederick added the status: superseded An issue that has been superseded by another label Dec 21, 2022