[ https://issues.apache.org/jira/browse/OLINGO-1493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17232395#comment-17232395 ]
Norman commented on OLINGO-1493:
--------------------------------

Hi Michael,

Thank you for the update and your efforts. Looking forward to the updated version. Let me know if I can help.

Bests
Norman

> Security Vulnerabilities in direct dependency netty-codec-http
> --------------------------------------------------------------
>
>                 Key: OLINGO-1493
>                 URL: https://issues.apache.org/jira/browse/OLINGO-1493
>             Project: Olingo
>          Issue Type: Bug
>          Components: odata4-server
>    Affects Versions: (Java) V4 4.7.1
>            Reporter: Norman
>            Assignee: mibo
>            Priority: Major
>
> Dear Olingo Community,
> odata-server-api and odata-server-core 4.7.1 have a direct dependency on io.netty *netty-codec-http 4.1.43.Final*
> This version has known security vulnerabilities ranked with medium and high CVSS score.
> See:
> https://snyk.io/vuln/SNYK-JAVA-IONETTY-1020439 -> fixed in 4.1.53Final or higher
> https://snyk.io/vuln/SNYK-JAVA-IONETTY-543669 -> fixed in 4.1.44.Final or higher
> https://snyk.io/vuln/SNYK-JAVA-IONETTY-543490 -> fixed in 4.1.44.Final or higher
> Upgrading the dependency to 4.1.53Final would fix the issue.
>
> P.S. com.fasterxml.jackson.core » jackson-core 2.10.0 is outdated, too and could be upgraded to 2.11.3
>
> Additional Links:
> https://mvnrepository.com/artifact/org.apache.olingo/odata-server-core/4.7.1
> https://mvnrepository.com/artifact/org.apache.olingo/odata-server-api/4.7.1

--
This message was sent by Atlassian Jira (v8.3.4#803005)