sonatype-lift[bot] commented on a change in pull request #7215:
URL: https://github.com/apache/skywalking/pull/7215#discussion_r662916644



##########
File path: oap-server/server-library/library-client/pom.xml
##########
@@ -47,6 +47,18 @@
             <groupId>io.grpc</groupId>
             <artifactId>grpc-netty</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-codec-http2</artifactId>
+        </dependency>
+        <dependency>
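Review bot: the added `io.netty:netty-codec-http2` dependency carries no `<version>` element, so the Netty release that ends up on the classpath is decided outside this file. Please confirm that the managed version is declared in one place for all `io.netty` artifacts and that it is above the 4.0.37.Final / 4.1.1.Final fix levels named for CVE-2016-4970 in the scan comment on this hunk, so that `grpc-netty` and the directly declared Netty modules cannot resolve to mixed versions. The second added `<dependency>` is cut off in this notification, so its coordinates cannot be checked here.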

Review comment:
       *Critical OSS Vulnerability:*
   ### pkg:maven/io.netty/netty-handler
   1 Critical, 0 Severe, 0 Moderate and 0 Unknown vulnerabilities have been found in a direct dependency
   
   
   
   <!-- Lift_Details -->
   <details>
   <summary><b>CRITICAL Vulnerabilities (1)</b></summary>
   
   <ul>
   
     ***
     > #### [CVE-2016-4970] handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x befo...
     > handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
     >
     > **CVSS Score:** 7.5
     >
     > **CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   
     ***
   </ul>
   
   </details>
   
   (at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)

##########
File path: oap-server/server-library/library-server/pom.xml
##########
@@ -59,5 +59,21 @@
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-servlet</artifactId>
         </dependency>
+        <dependency>
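Review bot: the `<dependency>` opened on the last line of this hunk is cut off, and the scan comment attached to it reports the same `io.netty/netty-handler` finding as the one on `oap-server/server-library/library-client/pom.xml`. If both modules now declare Netty artifacts directly, consider declaring the version once in a shared `dependencyManagement` section rather than per module, and note in the PR which Netty version is actually resolved so the CVE-2016-4970 report can be confirmed or dismissed against it.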

Review comment:
       *Critical OSS Vulnerability:*
   ### pkg:maven/io.netty/netty-handler
   1 Critical, 0 Severe, 0 Moderate and 0 Unknown vulnerabilities have been found in a direct dependency
   
   
   
   <!-- Lift_Details -->
   <details>
   <summary><b>CRITICAL Vulnerabilities (1)</b></summary>
   
   <ul>
   
     ***
     > #### [CVE-2016-4970] handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x befo...
     > handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
     >
     > **CVSS Score:** 7.5
     >
     > **CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   
     ***
   </ul>
   
   </details>
   
   (at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
