elastic / logstash

Logstash - transport and process your logs, events, or other data
https://www.elastic.co/products/logstash

How to upgrade “netty-all”? #14695

Open bailuoxi66 opened 2 years ago

bailuoxi66 commented 2 years ago

Logstash's version: 8.4.3, netty-all: netty-all-4.1.65.Final.jar

netty: There are multiple CVE vulnerabilities in the version currently in use, such as CVE-2021-37136, CVE-2021-37137, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444, etc., including environment-issue vulnerabilities that can lead to denial of service, etc.

So the dependencies need to be upgraded.

It is recommended to upgrade to “netty-all-4.1.71.Final.jar”.

bailuoxi66 commented 2 years ago

I replaced the corresponding version myself, and an error occurred: [image]

amaciejk commented 1 year ago

Note that 4.1.86 is the latest currently available netty version: https://mvnrepository.com/artifact/io.netty/netty-all