Update io.vertx : vertx-core : 4.4.1 -> 4.4.6 for security patch

Question

Update io.vertx : vertx-core : 4.4.1 -> 4.4.6 for security patch

smugleafdev opened this issue a year ago · comments

Netty http2 CVE is fixed in 4.1.100.final and was pulled into vertx 4.4.6 (vertx release notes here). This is a transitive dependency through marathon.

https://nvd.nist.gov/vuln/detail/CVE-2023-44487
https://www.cve.org/CVERecord?id=CVE-2023-44487

com.malinskiy.marathon : vendor-android : 0.8.4
|_> com.malinskiy.adam : adam : 0.5.1
|___>io.vertx : vertx-core : 4.4.1
|_____>io.netty : netty-codec-http2 : 4.1.90.final

Anton Malinski · Answer 1 · Tue Nov 14 2023 14:20:06 GMT+0800 (China Standard Time)

Closed via #858