Uploaded image for project: 'Olingo'
  1. Olingo
  2. OLINGO-1493

Security Vulnerabilities in direct dependency netty-codec-http

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • (Java) V4 4.7.1
    • (Java) V4 4.8.0
    • odata4-server
    • None

    Description

      Dear Olingo Community,

      odata-server-api and odata-server-core 4.7.1 have a direct dependency on

      io.netty netty-codec-http 4.1.43.Final

      This version has known security vulnerabilities ranked with medium and high CVSS score.
      See:

      https://snyk.io/vuln/SNYK-JAVA-IONETTY-1020439 -> fixed in 4.1.53Final or higher
      https://snyk.io/vuln/SNYK-JAVA-IONETTY-543669 -> fixed in 4.1.44.Final or higher
      https://snyk.io/vuln/SNYK-JAVA-IONETTY-543490 -> fixed in 4.1.44.Final or higher

      Upgrading the dependency to 4.1.53Final would fix the issue.

       

      P.S. com.fasterxml.jackson.core » jackson-core 2.10.0 is outdated, too and could be upgraded to 2.11.3

       

      Additional Links:

      https://mvnrepository.com/artifact/org.apache.olingo/odata-server-core/4.7.1
      https://mvnrepository.com/artifact/org.apache.olingo/odata-server-api/4.7.1

      Attachments

        Activity

          People

            mirbo mibo
            Weisenburger Norman
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: