Commit
SIP2-110: Update dependencies (CVE-2021-21295)
PR #78 has updated vertx-stack-depchain from 3.9.2 to 4.2.5, this has indirectly bumped netty from 4.1.49 to 4.1.72 fixing HTTP request smuggling: https://nvd.nist.gov/vuln/detail/CVE-2021-21295 and denial of service (DoS): https://nvd.nist.gov/vuln/detail/CVE-2021-37136 , https://nvd.nist.gov/vuln/detail/CVE-2021-37137

Update jackson from 2.10.2 to 2.11.4 by using the version from vertx-stack-depchain. This fixes an XML external entity (XXE) Injection: https://nvd.nist.gov/vuln/detail/CVE-2020-25649

Update freemarker from 2.3.28 to 2.3.31 fixing server-side template injection (SSTI): https://security.snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795

Update guice from 4.2.3 to 5.1.0 fixing temp directory creation vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-8908

Update micrometer from 1.1.5 to 1.8.3.

Update log4j from 2.17.0 to 2.17.2.

Update junit from 5.7.0 to 5.8.2.

Update mockito from 2.28.2 to 4.3.1.

(cherry picked from commit 0d4f3a2)