These belong to netty, you could bump up Netty version to fix this. Sheng Wu 吴晟 Twitter, wusheng1108
Wangpeng(Forest,APM2.0) <[email protected]> 于2022年4月21日周四 15:56写道: > > Hi Community: > Some tool says there is a risk(CVE-2021-35940) in > libnetty_tcnative_linux_aarch_64.so, libnetty_tcnative_osx_x86_64.jnilib and > netty_tcnative_windows_x86_64.dll. > I found the following fragment in pom.xml in apm-agent-core module: > <configuration> > <target> > <echo message="unjar" /> > <unzip > src="${project.build.directory}/${project.artifactId}-${project.version}.jar" > dest="${project.build.directory}/unpacked/" /> > <echo message="rename service providers in > META-INF/services" /> > <move > file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_osx_aarch_64.jnilib" > > tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_osx_x86_64.jnilib" > /> > <move > file="${project.build.directory}/unpacked/META-INF/native/libnetty_tcnative_linux_x86_64.so" > > tofile="${project.build.directory}/unpacked/META-INF/native/liborg_apache_skywalking_apm_dependencies_netty_tcnative_linux_x86_64.so" > /> > <move > file="${project.build.directory}/unpacked/META-INF/native/netty_tcnative_windows_x86_64.dll" > > tofile="${project.build.directory}/unpacked/META-INF/native/org_apache_skywalking_apm_dependencies_netty_tcnative_windows_x86_64.dll" > /> > <echo message="jar back" /> > <jar > destfile="${project.build.directory}/${project.artifactId}-${project.version}.jar" > basedir="${project.build.directory}/unpacked" /> > </target> > </configuration> > Can anybody tell me how these three files are created? And how can I > update them? > Thank you very much!
