Netty dependency version is vulnerable
See original GitHub issueHey folks,
You are using a vulnerable version of Netty with an impressive 9.8/10 criticality score. Suggest patching ASAP to 4.1.50.Final
which should have binary compatibility as they are on modified semver
I’d submit a PR but I’m awaiting a confirmation on signing the Google CLA and I assume you want to move fast here. Tests seemed to pass in my local fork though
Cheers!
Issue Analytics
- State:
- Created 3 years ago
- Comments:12 (6 by maintainers)
Top Results From Across the Web
io.netty:netty-common - Snyk Vulnerability Database
version published direct vulnerabilities
5.0.0.Alpha2 3 Mar, 2015 0. C. 0. H. 0. M. 0. L
5.0.0.Alpha1 22 Dec, 2013 0. C. 0. H. 0....
Read more >What is the right way to upgrade netty and its components for ...
Currently our security auditing system found that the current netty-codec version ( 4.1.52.Final ) is vulnerable and suggested us to upgrade to ...
Read more >Latest AGP versions Depend on Vulnerable Netty Versions ...
Latest Android Gradle Plugin versions have a dependency on Netty: https://netty.io/. Netty before version 4.1.71 has a variety of security ...
Read more >Netty/Codec/HTTP - Maven Repository
Netty /Codec/HTTP. Netty/Codec/HTTP ... Version, Vulnerabilities, Repository, Usages, Date ... Netty in Action (2015) by Norman Maurer, Marvin Allen Wolfthal ...
Read more >Denial Of Service (DoS) Vulnerability in the Netty/Codec ...
Coordinates are used by agents when they build projects. The agent monitors the coordinates used to request libraries after the dependencies resolution process ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Feel free to always use the latest minor and patch versions of Firestore and Storage.
ok. if you say it’s ok to update
google-cloud-firestore
from 1.31.0 to 1.34.0 in firebase-admin 6.13, i will do it. i didn’t want to take that risk since i don’t know the code enough to assess the risk. Thank you for your help @hiranya911