Details
-
Improvement
-
Resolution: Won't Fix
-
Major
-
None
-
None
-
None
-
0
Description
couchbase-jvm-core is affected with CVE-2022-41881 that comes from netty dependency
We can easily fix it by bumping the version of netty.
Because netty jars are shaded inside the core-io, it's impossible to overwrite the version of netty with the maven dependency manager.
I also prepared a simple PR for it: