Closed endevcy closed 1 year ago
Hi @endevcy, as the hivemq-mqtt-client is a library, you can easily upgrade the dependency yourself. If you build your project with Gradle, you could do the following:

```
dependencies {
    implementation("com.hivemq:hivemq-mqtt-client:1.2.2")
    implementation(platform("io.netty:netty-bom:4.1.65.Final"))
}
```

The 2.0.0 release of this library is planned but it is not yet clear when exactly it will happen.
Hi @SgtSilvio thanks for your quick reply and the information.
I missed this information at first, but the problem is we're using the shaded library with Maven.
Can we assure that updating the netty version will not break any compatibility?
We have an internal project that uses the hivemq-mqtt-client and netty version 4.1.63.Final without any problems. In general an update to the last number in the netty version will not break compatibility (as long as there is no bug on the netty side). Regarding the shaded version, you currently have 2 options:
How to upgrade its version in a Docker image? There is no source code; only the jar file is available.
Closing out the issue since it's gone inactive. If anything remains, please feel free to file a new issue anytime.
Hi all - thanks for pointing this out. Netty has been updated to 4.1.99.Final in release 1.3.3, which is building now.
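
To confirm which Netty version a given jar actually bundles (for instance when only the jar from a Docker image is at hand), the following added example, which is not part of the original thread or the project's code, reads the version metadata that Netty's build places in its jars. It assumes that metadata survived packaging (shading can strip it); the function names and the sample jar are constructed for illustration.

```python
import io
import re
import zipfile

# Metadata files Netty's own build puts in its jars (may be absent after shading).
VERSIONS_FILE = "META-INF/io.netty.versions.properties"
POM_PROPS = re.compile(r"META-INF/maven/io\.netty/([^/]+)/pom\.properties$")

def parse_version(text):
    """'4.1.48.Final' -> (4, 1, 48), so 4.1.100 sorts after 4.1.99."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Netty version: {text!r}")
    return tuple(int(p) for p in m.groups())

def bundled_netty_versions(jar):
    """Return {module: version} for Netty modules recorded in a jar (path or file object)."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            pom = POM_PROPS.search(name)
            if not (pom or name.endswith(VERSIONS_FILE)):
                continue
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                key, _, value = line.partition("=")
                key, value = key.strip(), value.strip()
                if pom and key == "version":
                    found[pom.group(1)] = value
                elif not pom and key.endswith(".version"):
                    found[key[:-len(".version")]] = value
    return found

def outdated(jar, minimum):
    """Netty modules in the jar that are older than `minimum`."""
    floor = parse_version(minimum)
    return {m: v for m, v in bundled_netty_versions(jar).items()
            if parse_version(v) < floor}

def sample_jar():
    """Constructed sample jar (in memory) carrying both kinds of metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(VERSIONS_FILE, "netty-common.version=4.1.48.Final\n"
                                   "netty-common.repoStatus=clean\n"
                                   "netty-handler.version=4.1.48.Final\n")
        zf.writestr("META-INF/maven/io.netty/netty-codec/pom.properties",
                    "artifactId=netty-codec\nversion=4.1.65.Final\n")
    buf.seek(0)
    return buf
```

Calling `outdated(path_to_jar, "4.1.65.Final")` on a jar copied out of an image lists the modules still below that version; an empty result on a jar with no metadata at all means "unknown", not "up to date".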
Problem or use case
Hi, I have a question regarding the netty version used in the hivemq-mqtt-client. Currently, hivemq-mqtt-client is using netty version 4.1.48.Final, which has some vulnerabilities, and the latest version is 4.1.65.Final.
Here is the link to the netty vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-21290
I found that in develop-2 branch, it's updated to 4.1.60.Final but it was not included in the latest release 1.2.2.
Do you have any plan to update the version, and when will it be?