Netty dependency version is vulnerable

Hey folks,

You are using a vulnerable version of Netty with an impressive 9.8/10 criticality score. Suggest patching ASAP to 4.1.50.Final, which should have binary compatibility as they are on modified semver.

I’d submit a PR but I’m awaiting a confirmation on signing the Google CLA and I assume you want to move fast here. Tests seemed to pass in my local fork though.

Cheers!

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 12 (6 by maintainers)

Top GitHub Comments

1 reaction
hiranya911 commented, Jun 22, 2020

Feel free to always use the latest minor and patch versions of Firestore and Storage.

0 reactions
theHilikus commented, Jun 22, 2020

OK. If you say it’s OK to update google-cloud-firestore from 1.31.0 to 1.34.0 in firebase-admin 6.13, I will do it. I didn’t want to take that risk since I don’t know the code enough to assess the risk. Thank you for your help @hiranya911
