Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

async-http-client version 2.10.4 security issues #330

Closed
pmologni opened this issue Feb 3, 2020 · 3 comments
Closed

async-http-client version 2.10.4 security issues #330

pmologni opened this issue Feb 3, 2020 · 3 comments

Comments

@pmologni
Copy link

pmologni commented Feb 3, 2020

Describe the bug
current async-http-client version 2.10.4 have 2 High Severity security issues

Can you please bump it the the latest version?

https://snyk.io/test/github/AsyncHttpClient/async-http-client

Cheers,
Paolo
@aheritier
Copy link
Contributor

Hi @pmologni

AFAICS 2.10.4 is the latest release available and deployed on Maven central cc @slandelle

My understanding of https://snyk.io/test/github/cloudbees/zendesk-java-client is that the issue is in netty and not async-http-client

@pmologni
Copy link
Author

pmologni commented Feb 3, 2020

Thanks @aheritier!

@pmologni pmologni closed this as completed Feb 3, 2020
@aheritier aheritier mentioned this issue Feb 3, 2020
Merged
@aheritier
Copy link
Contributor

@slandelle merged the PR but it is useless in our context. These security issues are on the server side of Netty. async-http-client is using the client side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aheritier @pmologni