aws / amazon-neptune-sigv4-signer

A library for Amazon Neptune that enables AWS Signature Version 4 signing for HTTP using Netty.
Apache License 2.0
16 stars 9 forks source link

Update to latest Netty version #14

Closed settesoft closed 2 years ago

settesoft commented 3 years ago

Previous versions are affected by CVE-2021-21290: https://nvd.nist.gov/vuln/detail/CVE-2021-21290

Issue #, if available:

Description of changes: Updated to latest version of netty. Also updated revision for main assembly version

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

settesoft commented 3 years ago

Hi @floschmedding & @srondelli , just wanted flag this PR for review as I couldn't see a way to assign it to anyone. Please let me know if I've missed something. Thanks!

gopuneet commented 2 years ago

Currently, the version of netty is 4.1.78.Final at https://github.com/aws/amazon-neptune-sigv4-signer/blob/master/pom.xml#L76 is newer than the version 4.1.59.Final being set in this Pull Request thus closing.