From 80920d86ce3170600f9b4ba5b723c32964cd6ac7 Mon Sep 17 00:00:00 2001 From: za-liuyonghua Date: Wed, 28 Dec 2022 16:37:23 +0800 Subject: [PATCH 1/2] fix CVE-2022-41915 --- dist-material/LICENSE | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dist-material/LICENSE b/dist-material/LICENSE index e2c7a77be5..c78714d002 100755 --- a/dist-material/LICENSE +++ b/dist-material/LICENSE @@ -220,7 +220,7 @@ The text of each license is the standard Apache 2.0 license. Google: gson 2.8.9: https://github.com/google/gson , Apache 2.0 Google: proto-google-common-protos 2.0.1: https://github.com/googleapis/googleapis , Apache 2.0 Google: jsr305 3.0.2: http://central.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.0/jsr305-3.0.0.pom , Apache 2.0 - netty 4.1.79: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache 2.0 + netty 4.1.86: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache 2.0 ======================================================================== BSD licenses diff --git a/pom.xml b/pom.xml index 1e64fc68c9..aae5e42eb7 100755 --- a/pom.xml +++ b/pom.xml @@ -88,7 +88,7 @@ 1.12.19 1.50.0 - 4.1.79.Final + 4.1.86.Final 2.8.9 1.6.2 0.6.1 From ef90db165939c5b1ceb65b07de02b8896c1f244a Mon Sep 17 00:00:00 2001 From: za-liuyonghua Date: Wed, 28 Dec 2022 16:55:08 +0800 Subject: [PATCH 2/2] fix CVE-2022-41915 --- CHANGES.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES.md b/CHANGES.md index 67ebcbf918..f67237ae94 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -22,6 +22,7 @@ Release Notes. * Fix In the higher version of mysql-connector-java 8x, there is an error in the value of db.instance. * Add support for KafkaClients 3.x. * Support to customize the collect period of JVM relative metrics. +* Upgrade netty-codec-http2 to 4.1.86.Final. #### Documentation