Update nettyVersion to at least 4.1.42.Final to get rid of CVE-2019-16869 #868

Closed
aschei opened this issue Oct 16, 2019 · 3 comments
Labels
type/bug A general bug

Comments

aschei commented Oct 16, 2019

Expected Behavior

reactor-netty should not be vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2019-16869.

Actual Behavior

reactor-netty is reported vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2019-16869.

Steps to Reproduce

Possible Solution

Update nettyVersion to at least 4.1.42.Final.

Your Environment

  • Reactor version(s) used: io.projectreactor.netty:reactor-netty:0.9.0.RELEASE
  • JVM version (java -version): openjdk version "11.0.3"
  • OS and version (eg uname -a): Linux 5.3.5-arch1-1-ARCH
@aschei aschei added status/need-triage A new issue that still need to be evaluated as a whole type/bug A general bug labels Oct 16, 2019
@violetagg violetagg removed the status/need-triage A new issue that still need to be evaluated as a whole label Oct 24, 2019
@violetagg violetagg added this to the 0.8.13.RELEASE milestone Oct 24, 2019
violetagg (Member) commented

Fixed with #842, 777274a and 218af7a

aschei (Author) commented Oct 24, 2019

Thanks for fixing! When will there be a release containing the fix? I currently depend on 0.9.0.

violetagg (Member) commented

@aschei In the next days
