[
https://issues.apache.org/jira/browse/JAMES-2208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17079133#comment-17079133
]
Jan Busch commented on JAMES-2208:
----------------------------------
I think an upgrade would still be great since the latest Netty 3 version has
some security flaws that are fixed in newer versions of Netty 4, see the
attached file [^dependency-check-report.html]
This can make it problematic to use James in contexts with potentially
sensitive software or users.
> upgrade netty to netty-all
> --------------------------
>
> Key: JAMES-2208
> URL: https://issues.apache.org/jira/browse/JAMES-2208
> Project: James Server
> Issue Type: Improvement
> Components: James Core
> Affects Versions: 3.0.0
> Reporter: Randymo
> Priority: Major
> Attachments: dependency-check-report.html
>
>
> James is currently using the netty dependency
> <dependency>
> <groupId>io.netty</groupId>
> <artifactId>netty</artifactId>
> <version>3.10.6.Final</version>
> </dependency>
> I think we should upgrade to the newer artifact
> <dependency>
> <groupId>io.netty</groupId>
> <artifactId>netty-all</artifactId>
> <version>4.1.16.Final</version>
> </dependency>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
