Skip to content

Commit

Permalink
KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290
Browse files Browse the repository at this point in the history 
This security vulnerability was found in netty-codec-http, but [caused by netty itself](netty/netty@c735357) and [fixed in 4.1.59.Final](GHSA-5mcr-gq6c-3hq2). So, upgrade the netty version from 4.1.51.Final to 4.1.59.Final.

Author: Lee Dongjin <dongjin@apache.org>

Reviewers: Manikumar Reddy <manikumar.reddy@gmail.com>

Closes #10235 from dongjinleekr/feature/KAFKA-12389

(cherry picked from commit 4b3e3a9)
Signed-off-by: Manikumar Reddy <manikumar.reddy@gmail.com>
  • Loading branch information
@dongjinleekr @omkreddy
dongjinleekr authored and omkreddy committed Mar 3, 2021
1 parent b556543 commit 04d3bd9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion gradle/dependencies.gradle
View file
Expand Up @@ -97,7 +97,7 @@ versions += [
mavenArtifact: "3.6.3",
metrics: "2.2.0",
mockito: "3.3.3",
netty: "4.1.50.Final",
netty: "4.1.59.Final",
owaspDepCheckPlugin: "5.3.2.1",
powermock: "2.0.7",
reflections: "0.9.12",
Expand Down

0 comments on commit 04d3bd9

Please sign in to comment.