Closed runnermann closed 3 years ago
@runnermann the latest beta is 4.0.0.Beta3
Please try that instead, as that milestone was released more than 9m ago and it was just a showcase of the 4.0.0 branch at that time.
Yes! Thanks that solves the issue. No reported CVS. :)
On Oct 21, 2020, at 2:34 AM, Julien Viet notifications@github.com wrote:
Closed #560 https://github.com/vert-x3/issues/issues/560.
While attempting to upgrade to vertx 4.0.0-milestone4, our project failed during compile time: The org.owasp dependency-check-maven reported that the netty dependency had a CVSS score of 9.1. The report provided the following:
Dependencies: netty-transport-4.1.42.Final.jar
CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv2:
CVSSv3:
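The condition named in the CVE description above (a header line with no colon, or one read as a fold) can be checked with strict per-line validation along the lines of RFC 7230. This is an added example, not code from Netty, Vert.x or this issue thread; the class and method names are hypothetical and the header lines are constructed samples.

```java
// Added illustration (not Netty code): strict validation of raw HTTP/1.1 header lines.
public class StrictHeaderCheck {

    // RFC 7230 "tchar" set: the only characters permitted in a header field name.
    private static boolean isTchar(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                || "!#$%&'*+-.^_`|~".indexOf(c) >= 0;
    }

    /** Returns null if the line is acceptable, otherwise the reason to reject the request. */
    static String reject(String line) {
        if (line.isEmpty()) return "empty header line";
        char first = line.charAt(0);
        // A line starting with whitespace is an obsolete fold of the previous header.
        if (first == ' ' || first == '\t') return "obsolete line folding";
        int colon = line.indexOf(':');
        // The case described in CVE-2019-20444: a header line that lacks a colon.
        if (colon < 0) return "no colon";
        if (colon == 0) return "empty field name";
        // Whitespace or other non-token characters before the colon are not allowed.
        for (int i = 0; i < colon; i++) {
            if (!isTchar(line.charAt(i))) return "invalid character in field name";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample header lines, already split on CRLF.
        String[] headers = {
            "Host: example.test",
            "Content-Length: 5",
            "X-Trace abc123",   // no colon
            " continued",       // starts with whitespace (fold)
            "X-Test : 1"        // whitespace between field name and colon
        };
        for (String h : headers) {
            String why = reject(h);
            System.out.println((why == null ? "accept" : "REJECT (" + why + ")") + "  <" + h + ">");
        }
    }
}
```

Only the first two sample lines are accepted; a request containing any of the other three would be refused rather than passed along with an ambiguous header.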