Details
-
Bug
-
Resolution: Incomplete
-
Critical
-
None
-
0.1
-
1
-
CVE-2019-16869; CVE-2019-20445; CVE-2019-20444
-
Critical
Description
Hi, even the latest version in 2.x of java client sdk for couchbase have following io.netty:netty-all vulnerabilities:
CVE-2019-16869
CVE-2019-20445
CVE-2019-20444
Could we please upgrade the io.netty:netty-all:4.0.56.Final dependencies to a safer version (i.e > 4.1.45.Final) in com.couchbase.client:core-io ?
Moving to sdk 3.x is a bigger effort for us, and we have a future plan for that.
Thank you.
M