This repository has been archived by the owner on Dec 13, 2023. It is now read-only.

OWASP Dependency check... #229

Open
Mike-Huggins opened this issue Mar 4, 2022 · 2 comments

Comments

@Mike-Huggins

Hello,

I am getting critical failures from the OWASP dependency checker and I wondered if there were any plans for a new release to combat these please? Obviously this is the recommended reactive database driver for MySQL from here: https://spring.io/projects/spring-data-r2dbc.

Or if this repo is not as active should I migrate code to the other option: https://github.com/jasync-sql/jasync-sql

The dependency failures for your awareness are:
netty-tcnative-classes-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2021-21409, CVE-2021-21290

netty-incubator-codec-classes-quic-0.0.25.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2021-21409, CVE-2021-21290

@mp911de
Contributor

mp911de commented Mar 4, 2022

Have you noticed that most of the reported CVEs describe HTTP or compression-related components? None of these apply to the driver because the driver isn't using HTTP, BZIP, or Snappy.

In any case, please upgrade the Netty version in your project to avoid dependency checker warnings.

@Mike-Huggins
Author

Thank you for the very speedy response. Unfortunately I am on the latest version of Netty 4.1.74.Final and the latest dependency checker. Perhaps I need to raise this with them...
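An added example, not from this thread or the project, of how a reviewer could record the findings above as reviewed false positives in an OWASP Dependency-Check suppression file, scoped to the exact CVEs rather than the whole Netty CPE so that newly published Netty CVEs still surface. It assumes the maintainer's reasoning applies to your own code paths, that the artifacts are published under the Maven groupIds io.netty and io.netty.incubator, and uses a constructed review date.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- dependency-check-suppressions.xml (added example, not the project's file).
     Suppress only the CVEs that were reviewed; do not suppress the whole
     netty:netty CPE, or future Netty CVEs would be hidden as well. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      Reviewed 2022-03-04 (constructed date). netty-tcnative-classes 2.0.48.Final and
      netty-incubator-codec-classes-quic 0.0.25.Final carry their own version schemes,
      so the checker attributes the core Netty CVEs to them even though the project
      already runs Netty 4.1.74.Final. Per the maintainer, the listed CVEs concern
      the HTTP, Bzip2 and Snappy codecs, which the R2DBC MySQL driver does not use.
      Re-review whenever Netty, tcnative or the QUIC codec is upgraded.
    ]]></notes>
    <!-- groupIds io.netty / io.netty.incubator are assumed from Maven Central naming -->
    <packageUrl regex="true">^pkg:maven/io\.netty(\.incubator)?/netty-(tcnative-classes|incubator-codec-classes-quic)@.*$</packageUrl>
    <cve>CVE-2014-3488</cve>
    <cve>CVE-2015-2156</cve>
    <cve>CVE-2019-16869</cve>
    <cve>CVE-2019-20444</cve>
    <cve>CVE-2019-20445</cve>
    <cve>CVE-2021-21290</cve>
    <cve>CVE-2021-21295</cve>
    <cve>CVE-2021-21409</cve>
    <cve>CVE-2021-37136</cve>
    <cve>CVE-2021-37137</cve>
    <cve>CVE-2021-43797</cve>
  </suppress>
</suppressions>
```

Point the dependency-check-maven plugin at this file through its `suppressionFiles` configuration and keep the `<notes>` block current, since it is the only record of why the finding was accepted.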
