[skywalking-java] branch main updated: fix CVE-2023-4586 (#632)

Tue, 24 Oct 2023 04:29:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-java.git


The following commit(s) were added to refs/heads/main by this push:
     new c94b409b28 fix CVE-2023-4586 (#632)
c94b409b28 is described below

commit c94b409b2819aec81b49b90d1974bfa54900faaa
Author: alan <252491...@qq.com>
AuthorDate: Tue Oct 24 19:28:02 2023 +0800

    fix CVE-2023-4586 (#632)
    
    Co-authored-by: za-liuyonghua <yonghua....@zatech.com>
---
 CHANGES.md            | 1 +
 dist-material/LICENSE | 2 +-
 pom.xml               | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index eab5a4afde..96a55eaaa1 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -16,6 +16,7 @@ Release Notes.
 * To compatible upper and lower case Oracle TNS url parse.
 * Fix config length limitation.
 * Support collecting ZGC memory pool metrics. Require OAP 9.7.0 to support 
these new metrics.
+* Upgrade netty-codec-http2 to 4.1.100.Final
 
 
 #### Documentation
diff --git a/dist-material/LICENSE b/dist-material/LICENSE
index 27cdba1bdb..f8a5552565 100755
--- a/dist-material/LICENSE
+++ b/dist-material/LICENSE
@@ -221,7 +221,7 @@ The text of each license is the standard Apache 2.0 license.
     Google: proto-google-common-protos 2.0.1: 
https://github.com/googleapis/googleapis , Apache 2.0
     Google: jsr305 3.0.2: 
http://central.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.0/jsr305-3.0.0.pom
 , Apache 2.0
     Google: guava 32.0.1: https://github.com/google/guava , Apache 2.0
-    netty 4.1.94: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache 
2.0
+    netty 4.1.100: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache 
2.0
 
 ========================================================================
 BSD licenses
diff --git a/pom.xml b/pom.xml
index 828041e9ee..3182775be8 100755
--- a/pom.xml
+++ b/pom.xml
@@ -88,7 +88,7 @@
         <!-- core lib dependency -->
         <bytebuddy.version>1.14.4</bytebuddy.version>
         <grpc.version>1.50.0</grpc.version>
-        <netty.version>4.1.94.Final</netty.version>
+        <netty.version>4.1.100.Final</netty.version>
         <gson.version>2.8.9</gson.version>
         <os-maven-plugin.version>1.6.2</os-maven-plugin.version>
         <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>

Reply via email to