hivemq / hivemq-mqtt-client

HiveMQ MQTT Client is an MQTT 5.0 and MQTT 3.1.1 compatible and feature-rich high-performance Java client library with different API flavours and backpressure support
https://hivemq.github.io/hivemq-mqtt-client/
Apache License 2.0
847 stars 158 forks

Regarding Netty 4.1.48.Final vulnerability #490

Closed endevcy closed 1 year ago

endevcy commented 3 years ago

Problem or use case

Hi, I have a question regarding the netty version used in the hivemq-mqtt-client. Currently, hivemq-mqtt-client is using netty version 4.1.48.Final, which has some vulnerabilities, and the latest version is 4.1.65.Final.

Here is the link to the netty vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-21290

I found that in develop-2 branch, it's updated to 4.1.60.Final but it was not included in the latest release 1.2.2.

Do you have any plan to update the version and when it will be?

SgtSilvio commented 3 years ago

Hi @endevcy, as the hivemq-mqtt-client is a library, you can easily upgrade the dependency yourself. If you build your project with Gradle, you could do the following:

dependencies {
    implementation("com.hivemq:hivemq-mqtt-client:1.2.2")
    // importing the netty BOM pins every transitive io.netty:* artifact to this version
    implementation(platform("io.netty:netty-bom:4.1.65.Final"))
}

The 2.0.0 release of this library is planned but it is not yet clear when exactly it will happen.

endevcy commented 3 years ago

Hi @SgtSilvio thanks for your quick reply and the information.

I missed this information at first, but the problem is we're using the shaded library with Maven.

Can we assure that updating the netty version will not break any compatibility?

SgtSilvio commented 3 years ago

We have an internal project that uses the hivemq-mqtt-client and netty version 4.1.63.Final without any problems. In general an update to the last number in the netty version will not break compatibility (as long as there is no bug on the netty side). Regarding the shaded version, you currently have 2 options:
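For the Maven users in this thread, here is the equivalent of the Gradle override for the regular (non-shaded) artifact; this is an added example, not code from the thread or from the HiveMQ project. Maven's dependencyManagement also governs transitive dependencies, so the imported BOM replaces the netty version hivemq-mqtt-client would otherwise pull in; a shaded jar carries its own copy of netty's classes, which dependency management cannot change.

```xml
<!-- pom.xml excerpt (added example): import the netty BOM so every transitive
     io.netty:* artifact brought in by hivemq-mqtt-client resolves to 4.1.65.Final
     instead of the 4.1.48.Final declared by the library -->
<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>io.netty</groupId>
      <artifactId>netty-bom</artifactId>
      <version>4.1.65.Final</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

<dependencies>
  <!-- the regular (non-shaded) artifact; its netty dependencies are managed above -->
  <dependency>
    <groupId>com.hivemq</groupId>
    <artifactId>hivemq-mqtt-client</artifactId>
    <version>1.2.2</version>
  </dependency>
</dependencies>

<!-- verify what actually resolves, from the project directory:
       mvn dependency:tree -Dincludes=io.netty
     every io.netty:* line in the output should now report 4.1.65.Final -->
```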

themonaminor commented 2 years ago

How to upgrade its version in a Docker image, as there is no source code, only the jar file is available?

pglombardo commented 1 year ago

Closing out the issue since it's gone inactive. If anything remains, please feel free to file a new issue anytime.

pglombardo commented 11 months ago

Hi all - thanks for pointing this out. Netty has been updated to 4.1.99.Final in release 1.3.3, which is building now.