From 3f1e0d301510761230ad848a4a4a56e8d5183460 Mon Sep 17 00:00:00 2001 From: Petar Petrov Date: Thu, 13 Jun 2024 10:35:22 +0200 Subject: [PATCH 1/2] Bump Netty to 4.1.108.Final due to CVE-2024-29025 See https://github.com/advisories/GHSA-5jpm-x58v-624v --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1a5d49304..409b5ac23 100644 --- a/pom.xml +++ b/pom.xml @@ -154,7 +154,7 @@ - 4.1.104.Final + 4.1.108.Final 5.6.0 1.7.21 UTF-8 From aeb59b28c2e50c2b9ab3728a5f131266b4d85670 Mon Sep 17 00:00:00 2001 From: Petar Petrov Date: Fri, 14 Jun 2024 10:42:09 +0200 Subject: [PATCH 2/2] Bump Netty to 4.1.111 and update README --- README.md | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 09947977e..0ed8124c4 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ If you use [Maven](http://maven.apache.org/), you can add Pushy to your project If you don't use Maven (or something else that understands Maven dependencies, like Gradle), you can [download Pushy as a `.jar` file](https://github.com/jchambers/pushy/releases/download/pushy-0.15.4/pushy-0.15.4.jar) and add it to your project directly. You'll also need to make sure you have Pushy's runtime dependencies on your classpath. They are: -- [netty 4.1.104](http://netty.io/) +- [netty 4.1.111](http://netty.io/) - [slf4j 1.7](http://www.slf4j.org/) (and possibly an SLF4J binding, as described in the [logging](#logging) section below) - [fast-uuid 0.1](https://github.com/jchambers/fast-uuid) diff --git a/pom.xml b/pom.xml index 409b5ac23..4d213b44b 100644 --- a/pom.xml +++ b/pom.xml @@ -154,7 +154,7 @@ - 4.1.108.Final + 4.1.111.Final 5.6.0 1.7.21 UTF-8