Describe the bug
Currently Finagle library has Netty version as <=4.1.78.Final which is vulnerable with https://nvd.nist.gov/vuln/detail/CVE-2023-34462. To remove this Netty version should be >= 4.1.94.Final. So for this finagle library should be updated with netty version >= 4.1.94.Final.
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Environment
For web, specify your OS and browser version. For mobile, specify device, OS
and version. For libraries, what version of build tools are you using?
Additional context
Add any other context about the problem here.
I updated my local setup to force version 4.1.100 and seems to be working okay. Surprised there isn't an active fork for this project given its status.
Describe the bug Currently Finagle library has Netty version as <=4.1.78.Final which is vulnerable with https://nvd.nist.gov/vuln/detail/CVE-2023-34462. To remove this Netty version should be >= 4.1.94.Final. So for this finagle library should be updated with netty version >= 4.1.94.Final.
Requested the Finagle library release for Netty version bump to 4.1.94.Final for CVE-2023-34462 fix. Netty Commit: https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32
To Reproduce Steps to reproduce the behavior:
Expected behavior A clear and concise description of what you expected to happen.
Screenshots If applicable, add screenshots to help explain your problem.
Environment For web, specify your OS and browser version. For mobile, specify device, OS and version. For libraries, what version of build tools are you using?
Additional context Add any other context about the problem here.