Ktor: Update netty to mitigate CVE-2019-16869

Created on 20 Nov 2019 · 2 Comments · Source: ktorio/ktor

Please update netty_server (currently 4.1.37.Final) to the latest recommended stable version (4.1.43.Final) to mitigate the impact of CVE-2019-16869.

bug

All 2 comments

Hi @riedeljan, thanks for the report. We'll fix it.
For now, as a workaround, you can add the 4.1.43 netty dependency by hand to override the ktor version.

In Gradle, I put a block like this:

configurations.all {
    resolutionStrategy {
        // To be deleted when issue https://github.com/ktorio/ktor/issues/1452 is closed
        force("io.netty:netty-codec-http2:4.1.43.Final")
        force("io.netty:netty-transport-native-kqueue:4.1.43.Final")
        force("io.netty:netty-transport-native-epoll:4.1.43.Final")
        force("io.netty:netty-codec-http:4.1.43.Final")
        force("io.netty:netty-handler:4.1.43.Final")
        force("io.netty:netty-codec:4.1.43.Final")
        force("io.netty:netty-transport:4.1.43.Final")
        force("io.netty:netty-buffer:4.1.43.Final")
        force("io.netty:netty-resolver:4.1.43.Final")
        force("io.netty:netty-common:4.1.43.Final")
    }
}

If it helps ...
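
One way to confirm that the override above reached every netty module, as an added example that is not part of the original thread or of ktor's code: it parses the text of a `gradle dependencies` report and lists the `io.netty` artifacts that still resolve below 4.1.43.Final. The function names and the sample tree (including the `x.y.z` ktor version) are constructed for illustration.

```python
import re
import sys

FIXED = (4, 1, 43)  # 4.1.43.Final, the version requested in the issue

# One node of a `gradle dependencies` tree, for example:
#   +--- io.netty:netty-codec:4.1.37.Final -> 4.1.43.Final (*)
#   \--- io.netty:netty-common -> 4.1.43.Final
NODE = re.compile(
    r"[+\\]--- io\.netty:(?P<name>[\w.-]+)"
    r"(?::(?P<declared>[^\s]+))?"
    r"(?: -> (?P<resolved>[^\s]+))?"
)

def parse_version(text):
    """'4.1.43.Final' -> (4, 1, 43); None when the text is not numeric."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def outdated_netty(report):
    """Return {artifact: resolved version} for netty modules below FIXED."""
    found = {}
    for line in report.splitlines():
        m = NODE.search(line)
        if not m:
            continue
        # Gradle prints "declared -> resolved" when a version was overridden.
        version = m.group("resolved") or m.group("declared")
        parsed = parse_version(version) if version else None
        # Fail closed: a version that cannot be parsed is reported too.
        if parsed is None or parsed < FIXED:
            found[m.group("name")] = version
    return found

# Constructed sample: netty-handler was left out of the forced list.
SAMPLE = r"""
runtimeClasspath - Runtime classpath of source set 'main'.
\--- io.ktor:ktor-server-netty:x.y.z
     +--- io.netty:netty-codec-http2:4.1.37.Final -> 4.1.43.Final
     |    +--- io.netty:netty-codec-http:4.1.37.Final -> 4.1.43.Final
     |    \--- io.netty:netty-handler:4.1.37.Final
     \--- io.netty:netty-transport-native-epoll:4.1.37.Final -> 4.1.43.Final (*)
"""

if __name__ == "__main__":
    # Pipe in `gradle dependencies --configuration runtimeClasspath`,
    # or run without input to check the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    bad = outdated_netty(text)
    for name, version in sorted(bad.items()):
        print(f"io.netty:{name} still resolves to {version}")
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one netty module is still below the fixed version, which makes the script usable as a build gate until the upstream fix lands.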
