Update pom.xml to use newer version of AWS SDK - Githubissues

prometheus / cloudwatch_exporter

Metrics exporter for Amazon AWS CloudWatch

Apache License 2.0

906 stars 325 forks source link

Update pom.xml to use newer version of AWS SDK #711

Closed a-m-a-r-t-i-n closed 3 months ago

a-m-a-r-t-i-n commented 4 months ago

Description

This PR bumps the AWS SDK to pull in a newer version of Netty as v4.1.107.Final has been flagged with a CVE https://nvd.nist.gov/vuln/detail/CVE-2024-29025 for io.netty_netty-codec-http

Testing

Confirmed newer version of affected package is pulled in

Downloading from central: https://repo.maven.apache.org/maven2/io/netty/netty-codec-http/4.1.111.Final/netty-codec-http-4.1.111.Final.pom
Downloaded from central: https://repo.maven.apache.org/maven2/io/netty/netty-codec-http/4.1.111.Final/netty-codec-http-4.1.111.Final.pom (4.4 kB at 546 kB/s)