Skip to content

2.0.12 Fixed vulnerability CVE-2024-47535 in io.netty:netty-common:jar:4.1.100.Final:compile

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Nov 10:07
2.0.12
c5e5787
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

This release fixes the following vulnerability:

CVE-2024-47535 (CWE-400) in dependency io.netty:netty-common:jar:4.1.100.Final:compile

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.

References

Security

  • #79: Fixed vulnerability CVE-2024-47535 in dependency io.netty:netty-common:jar:4.1.100.Final:compile

Dependency Updates

Compile Dependency Updates

  • Updated org.apache.hadoop:hadoop-client:3.4.0 to 3.4.1
  • Updated org.apache.parquet:parquet-hadoop:1.14.3 to 1.14.4

Runtime Dependency Updates

  • Added io.netty:netty-transport-native-epoll:4.1.115.Final

Test Dependency Updates

  • Updated nl.jqno.equalsverifier:equalsverifier:3.17.1 to 3.17.3
  • Updated org.junit.jupiter:junit-jupiter:5.11.2 to 5.11.3

Plugin Dependency Updates

  • Updated com.exasol:project-keeper-maven-plugin:4.3.3 to 4.4.0
  • Added com.exasol:quality-summarizer-maven-plugin:0.2.0
  • Updated io.github.zlika:reproducible-build-maven-plugin:0.16 to 0.17
  • Updated org.apache.maven.plugins:maven-clean-plugin:2.5 to 3.4.0
  • Updated org.apache.maven.plugins:maven-failsafe-plugin:3.2.5 to 3.5.1
  • Updated org.apache.maven.plugins:maven-gpg-plugin:3.2.4 to 3.2.7
  • Updated org.apache.maven.plugins:maven-install-plugin:2.4 to 3.1.3
  • Updated org.apache.maven.plugins:maven-javadoc-plugin:3.7.0 to 3.10.1
  • Updated org.apache.maven.plugins:maven-resources-plugin:2.6 to 3.3.1
  • Updated org.apache.maven.plugins:maven-site-plugin:3.3 to 3.9.1
  • Updated org.apache.maven.plugins:maven-surefire-plugin:3.2.5 to 3.5.1
  • Updated org.codehaus.mojo:versions-maven-plugin:2.16.2 to 2.17.1
Assets 4
Loading