search

scalecube / scalecube-cluster

ScaleCube Cluster is a lightweight Java VM implementation of SWIM: Scalable Weakly-consistent Infection-style Process Group Membership Protocol. features cluster membership, failure detection, and gossip protocol library.
http://scalecube.github.io/
Apache License 2.0
263 stars 88 forks source link

Update dependencies #374

Closed pflueras closed 2 years ago

pflueras commented 2 years ago

Along the way, io.netty transitive dependencies are upgraded as well. Current io.netty dependencies have CVEs.

pflueras commented 2 years ago

For the record, Netty prior to version 4.1.71.Final has this vulnerability: CVE-2021-43797

b9r5 commented 2 years ago

Would it be possible to get this reviewed? It's a well-known vulnerability and the fix appears to be straightforward.

artem-v commented 2 years ago

Upgraded dependencies in https://github.com/scalecube/scalecube-cluster/releases/tag/2.6.13. Closing.