komoot / photon

an open source geocoder for openstreetmap data
Apache License 2.0

Update netty dependency to recommended version #788

Closed: mkesper closed 2 months ago

mkesper commented 2 months ago

Netty 3.10.6 is from 2016 and contains several CVEs, one considered critical. Please upgrade to netty 4.1 (recommended) https://netty.io/downloads.html https://avd.aquasec.com/nvd/cve-2019-20444

lonvia commented 2 months ago

The netty dependency is bound to ES 5.5, which in itself needs urgent replacement. If you are interested in supporting this work, please get in touch. You can also see if #767 works for you.

Closing as duplicate of #325.