Bump netty to fix vulnerability issue #2098

Closed
pedrovilasboas opened this issue May 17, 2022 · 2 comments

pedrovilasboas commented May 17, 2022

Bug Report

Current Behavior

The last version of lettuce (6.1.8.RELEASE) has Netty version 4.1.75.Final. This netty version has the vulnerability issue CVE-2022-24823.

Possible Solution

Please update your netty dependency to at least 4.1.77.Final

@chibenwa
Contributor

Moreover, I want to mention there is a conflict for people relying on Netty 4.1.77:

io.lettuce.core.RedisConnectionException: Unable to connect to localhost:49462
Caused by: io.netty.handler.codec.EncoderException: java.lang.NoSuchMethodError: io.netty.util.internal.ReferenceCountUpdater.setInitialValue(Lio/netty/util/ReferenceCounted;)V
Caused by: java.lang.NoSuchMethodError: io.netty.util.internal.ReferenceCountUpdater.setInitialValue(Lio/netty/util/ReferenceCounted;)V

@chibenwa
Contributor

I opened #2099

mp911de pushed a commit that referenced this issue Jul 1, 2022
mp911de added a commit that referenced this issue Jul 1, 2022
Also upgrade tcnative/io_uring versions.
@mp911de mp911de added the type: dependency-upgrade A dependency upgrade label Jul 1, 2022
@mp911de mp911de added this to the 6.1.9.RELEASE milestone Jul 1, 2022
@mp911de mp911de closed this as completed Jul 1, 2022
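
An added example, not code from the issue or from the lettuce project: a small audit of `mvn dependency:list` output that flags core Netty modules below the 4.1.77.Final minimum requested above and reports whether more than one Netty version is resolved. It assumes, as the stack trace in the second comment suggests, that the `NoSuchMethodError` comes from Netty modules of different versions sharing one classpath; the sample output is constructed.

```python
import re

MIN_NETTY = (4, 1, 77)  # minimum requested in the issue (fix for CVE-2022-24823)

# Constructed sample of `mvn dependency:list` output; not taken from the issue.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    io.lettuce:lettuce-core:jar:6.1.8.RELEASE:compile
[INFO]    io.netty:netty-common:jar:4.1.77.Final:compile
[INFO]    io.netty:netty-buffer:jar:4.1.75.Final:compile
[INFO]    io.netty:netty-handler:jar:4.1.75.Final:compile -- module io.netty.handler [auto]
[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.75.Final:compile
[INFO]    io.netty:netty-tcnative-boringssl-static:jar:2.0.50.Final:runtime
"""

def netty_artifacts(text):
    """Yield (artifactId, version) for core Netty modules in dependency:list output."""
    for line in text.splitlines():
        tokens = line.replace("[INFO]", "").split()
        if not tokens:
            continue
        # Coordinate layout: groupId:artifactId:type[:classifier]:version:scope
        parts = tokens[0].split(":")
        if len(parts) not in (5, 6) or parts[0] != "io.netty":
            continue
        # netty-tcnative is released on its own version line, so it is not comparable.
        if parts[1].startswith("netty-tcnative"):
            continue
        yield parts[1], parts[-2]

def audit(text):
    """Return (artifacts below MIN_NETTY, set of distinct Netty versions seen)."""
    outdated, versions = [], set()
    for artifact, version in netty_artifacts(text):
        versions.add(version)
        m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
        # Unparseable versions are reported too, so they get a manual look.
        if m is None or tuple(map(int, m.groups())) < MIN_NETTY:
            outdated.append(f"{artifact}:{version}")
    return sorted(outdated), versions

if __name__ == "__main__":
    outdated, versions = audit(SAMPLE)
    for coord in outdated:
        print("below 4.1.77.Final:", coord)
    if len(versions) > 1:
        print("mixed Netty versions on one classpath:", sorted(versions))
```
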