The newest release of rsocket, that is 1.1.3, is using reactor-bom with version 2020.0.23 that brings in reactor-netty in version 1.0.23.
This version is susceptible to CVE-2022-31684.
The first version of reactor-netty that fixes that is 1.0.24 and is available in 2020.0.24.
Please bump the version to fix this.
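
To confirm which reactor-netty version a build actually resolves, the following added example (not part of the report or of the rsocket project) scans Maven or Gradle dependency-tree output for reactor-netty artifacts below 1.0.24. The sample trees and the `rsocket-transport-netty` entry are constructed, and treating every 1.0.x release below 1.0.24 as needing the bump is an assumption; the report itself only names 1.0.23.

```python
import re

FIXED = (1, 0, 24)  # first fixed reactor-netty version named in the report

# Maven:  io.projectreactor.netty:reactor-netty-core:jar:1.0.23:compile
# Gradle: io.projectreactor.netty:reactor-netty-core:1.0.23 -> 1.0.24
COORD = re.compile(
    r"io\.projectreactor\.netty:(reactor-netty[\w-]*)(?::jar)?:"
    r"(\d+(?:\.\d+)+)\S*(?:\s+->\s+(\d+(?:\.\d+)+))?"
)

def parse_version(text):
    """Turn '1.0.23' into (1, 0, 23) so 1.0.9 sorts below 1.0.24."""
    return tuple(int(part) for part in text.split("."))

def needs_bump(version):
    """Assumption: any 1.0.x release below the first fixed one needs the bump."""
    v = parse_version(version)
    return v[:2] == FIXED[:2] and v < FIXED

def find_unfixed(tree_output):
    """Return sorted (artifact, resolved_version) pairs still below 1.0.24."""
    hits = set()
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        artifact, declared, resolved = m.groups()
        version = resolved or declared  # Gradle prints 'declared -> resolved'
        if needs_bump(version):
            hits.add((artifact, version))
    return sorted(hits)

# Constructed sample output, not taken from a real build.
SAMPLE_MAVEN = """\
[INFO] +- io.rsocket:rsocket-transport-netty:jar:1.1.3:compile
[INFO] |  +- io.projectreactor.netty:reactor-netty-core:jar:1.0.23:compile
[INFO] |  \\- io.projectreactor.netty:reactor-netty-http:jar:1.0.23:compile
"""
SAMPLE_GRADLE = """\
+--- io.rsocket:rsocket-transport-netty:1.1.3
|    +--- io.projectreactor.netty:reactor-netty-core:1.0.23 -> 1.0.24
|    \\--- io.projectreactor.netty:reactor-netty-http:1.0.23 -> 1.0.24
"""

if __name__ == "__main__":
    print("maven :", find_unfixed(SAMPLE_MAVEN))
    print("gradle:", find_unfixed(SAMPLE_GRADLE))
```

The Gradle sample shows a build where an override already resolves the artifacts to 1.0.24, so nothing is reported for it.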