Details
Bug
Status: Closed
Major
Resolution: Fixed
(Java) V4 4.7.1
None
Description
Dear Olingo Community,
odata-server-api and odata-server-core 4.7.1 have a direct dependency on io.netty netty-codec-http 4.1.43.Final.
This version has known security vulnerabilities ranked with medium and high CVSS scores.
See:
https://snyk.io/vuln/SNYK-JAVA-IONETTY-1020439 -> fixed in 4.1.53Final or higher
https://snyk.io/vuln/SNYK-JAVA-IONETTY-543669 -> fixed in 4.1.44.Final or higher
https://snyk.io/vuln/SNYK-JAVA-IONETTY-543490 -> fixed in 4.1.44.Final or higher
Upgrading the dependency to 4.1.53Final would fix the issue.
P.S. com.fasterxml.jackson.core » jackson-core 2.10.0 is outdated, too, and could be upgraded to 2.11.3
Additional Links:
https://mvnrepository.com/artifact/org.apache.olingo/odata-server-core/4.7.1
https://mvnrepository.com/artifact/org.apache.olingo/odata-server-api/4.7.1
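
For applications that consume odata-server-core or odata-server-api 4.7.1, the following is an added example (not part of the original report and not Olingo's own build configuration) of overriding the transitive netty-codec-http version and failing the build if an older one is still resolved. It assumes a Maven build, writes the target version in Netty's dotted form (4.1.53.Final), and the enforcer plugin version and execution id are illustrative choices.

```xml
<!-- Fragment of a consuming application's pom.xml (assumed; not Olingo's own build). -->
<dependencyManagement>
  <dependencies>
    <!-- Import the Netty BOM so every io.netty module resolves to the same
         release; pinning netty-codec-http alone can mix Netty versions. -->
    <dependency>
      <groupId>io.netty</groupId>
      <artifactId>netty-bom</artifactId>
      <version>4.1.53.Final</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Plugin version is an assumption; use the one your build standardizes on. -->
      <version>3.4.1</version>
      <executions>
        <execution>
          <id>ban-old-netty-codec-http</id>
          <goals><goal>enforce</goal></goals>
          <configuration>
            <rules>
              <bannedDependencies>
                <excludes>
                  <!-- Fail the build if any version below 4.1.53.Final is resolved,
                       including transitively through the Olingo server artifacts. -->
                  <exclude>io.netty:netty-codec-http:(,4.1.53.Final)</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Running `mvn dependency:tree -Dincludes=io.netty` afterwards shows which Netty versions the build actually resolves.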