Uploaded image for project: 'Java Couchbase JVM Core'
  1. Java Couchbase JVM Core
  2. JVMCBC-1456

CVE-2022-41881 in couchbase-jvm-core

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Fix
    • Major
    • None
    • None
    • Core
    • None
    • 0

    Description

      couchbase-jvm-core is affected with CVE-2022-41881 that comes from netty dependency

      We can easily fix it by bumping the version of netty.

      Because netty jars are shaded inside the core-io, it's impossible to overwrite the version of netty with the maven dependency manager.

      I also prepared a simple PR for it:

      https://github.com/couchbase/couchbase-jvm-core/pull/30

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            david.nault David Nault
            lekanich Oleksandr Zhelezniak
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty