build: update netty dependency

Update the version of `netty` dependency to `4.1.100-Final`. Before the change, security scanners (such as docker hub) reported that `netty` used in the project was vulnerable to CVE-2023-4586, CVE-2023-44487, CVE-2022-41881, CVE-2021-37136 (all "HIGH" severity) as well as CVE-2023-34462 and CVE-2021-21409 (both "MEDIUM" severity) The issues are fixed in netty `4.1.100-Final` and after this commit the security scanner doesn't report any problems related to this dependency. Fixes: #363
scylladb · Dec 12, 2023 · f52a780 · f52a780
1 parent 9ec5cb0
commit f52a780
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/build.xml b/build.xml
@@ -457,8 +457,8 @@
           <dependency groupId="io.airlift" artifactId="airline" version="0.6">
             <exclusion groupId="com.google.code.findbugs" artifactId="jsr305" />
           </dependency>
-          <dependency groupId="io.netty" artifactId="netty-bom" version="4.1.58.Final" type="pom" scope="provided"/>
-          <dependency groupId="io.netty" artifactId="netty-all" version="4.1.58.Final" />
+          <dependency groupId="io.netty" artifactId="netty-bom" version="4.1.100.Final" type="pom" scope="provided"/>
+          <dependency groupId="io.netty" artifactId="netty-all" version="4.1.100.Final" />
           <dependency groupId="com.google.code.findbugs" artifactId="jsr305" version="2.0.2" scope="provided"/>
           <dependency groupId="com.clearspring.analytics" artifactId="stream" version="2.5.2">
             <exclusion groupId="it.unimi.dsi" artifactId="fastutil" />