Uploaded image for project: 'Java Couchbase JVM Core'
  1. Java Couchbase JVM Core
  2. JVMCBC-838

Vulnerabilities in java client sdk for io.netty:netty-all

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Incomplete
    • 0.1
    • None
    • Dependencies
    • 1
    • CVE-2019-16869; CVE-2019-20445; CVE-2019-20444
    • Critical

    Description

      Hi, even the latest version in 2.x of java client sdk for couchbase have following io.netty:netty-all vulnerabilities:
      CVE-2019-16869
      CVE-2019-20445
      CVE-2019-20444
      Could we please upgrade the io.netty:netty-all:4.0.56.Final dependencies to a safer version (i.e > 4.1.45.Final) in com.couchbase.client:core-io ?
      Moving to sdk 3.x is a bigger effort for us, and we have a future plan for that.
      Thank you.
      M

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          There are no comments yet on this issue.

          People

            daschl Michael Nitschinger
            muzeebullah Muzeeb Syed
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty