hivemq / hivemq-mqtt-client

HiveMQ MQTT Client is an MQTT 5.0 and MQTT 3.1.1 compatible and feature-rich high-performance Java client library with different API flavours and backpressure support
https://hivemq.github.io/hivemq-mqtt-client/
Apache License 2.0

Upgrade netty-codec To 4.1.80.Final #542

Closed UcanInfosec closed 1 year ago

UcanInfosec commented 1 year ago

Upgrade the use of netty-codec to 4.1.80.Final to remove 2 CVEs in the code.

SgtSilvio commented 1 year ago

Hi @UcanInfosec. As the hivemq-mqtt-client is a library, you can easily upgrade the dependency yourself. If you build your project with Gradle, you could do the following:

```
dependencies {
    implementation("com.hivemq:hivemq-mqtt-client:1.3.0")
    implementation(platform("io.netty:netty-bom:4.1.80.Final"))
}
```

The next release of this library will of course upgrade the dependency by default so that no extra configuration is needed. The next release will happen once we get to it, which might actually happen soon.
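An added example, not part of the thread or the project's code: a check that the BOM override suggested above took effect, by parsing the text of `gradle dependencies --configuration runtimeClasspath` and flagging any `io.netty` module that resolves below 4.1.80.Final. Both sample reports are constructed, and the 4.1.77.Final in them is an invented stand-in for whatever older version the library pulls in.

```python
import re

MIN_NETTY = (4, 1, 80)  # 4.1.80.Final, the version requested in this issue

# Constructed dependency reports; 4.1.77.Final is an invented older version.
WITHOUT_BOM = r"""
+--- com.hivemq:hivemq-mqtt-client:1.3.0
|    +--- io.netty:netty-buffer:4.1.77.Final
|    +--- io.netty:netty-codec:4.1.77.Final
|    \--- io.netty:netty-handler:4.1.77.Final (*)
"""
WITH_BOM = r"""
+--- com.hivemq:hivemq-mqtt-client:1.3.0
|    +--- io.netty:netty-buffer:4.1.77.Final -> 4.1.80.Final
|    +--- io.netty:netty-codec:4.1.77.Final -> 4.1.80.Final
|    \--- io.netty:netty-handler:4.1.77.Final -> 4.1.80.Final (*)
\--- io.netty:netty-bom:4.1.80.Final
     \--- io.netty:netty-codec:4.1.80.Final (c)
"""

MODULE = re.compile(r"(?P<module>io\.netty:[\w.-]+)(?::(?P<requested>\S+))?")
ARROW = re.compile(r"->\s+(\S+)")  # "requested -> resolved" after conflict resolution

def resolved_netty_versions(report):
    """Map each io.netty module to the set of versions Gradle actually selected."""
    found = {}
    for line in report.splitlines():
        m = MODULE.search(line)
        if not m:
            continue
        arrow = ARROW.search(line)
        # The version after "->" wins; otherwise the requested one is what resolved.
        version = arrow.group(1) if arrow else m.group("requested")
        if version:
            found.setdefault(m.group("module"), set()).add(version)
    return found

def outdated(report, minimum=MIN_NETTY):
    """Return modules whose resolved version is below `minimum` or unparseable."""
    bad = {}
    for module, versions in resolved_netty_versions(report).items():
        for v in versions:
            m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)
            if not m or tuple(map(int, m.groups())) < minimum:
                bad.setdefault(module, set()).add(v)
    return bad

if __name__ == "__main__":
    print("without BOM:", outdated(WITHOUT_BOM))
    print("with BOM:   ", outdated(WITH_BOM))
```

Versions that cannot be parsed are reported as outdated, so an unexpected report format fails closed rather than passing silently.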

UcanInfosec commented 1 year ago

@SgtSilvio Thanks. Although I can do this myself, I want it to get incorporated into the next release.