Skip to content

Commit 0ce9788

Browse files
Copilotgygrobot
andauthored
Fix GHSA-45q3-82m4-75jr: force netty-handler-proxy to 4.2.13.Final
Added resolutionStrategy.eachDependency override in build.gradle to upgrade io.netty:netty-handler-proxy from 4.2.12.Final to 4.2.13.Final. netty-handler-proxy is a transitive dependency via io.projectreactor.netty:reactor-netty-core. The fix follows the existing pattern for security overrides already present in build.gradle. Fixes: GHSA-45q3-82m4-75jr (HTTP Header Injection in HttpProxyHandler) Agent-Logs-Url: https://github.com/getyourguide/openapi-validation-java/sessions/31fddbbb-e4eb-48ae-b567-a7a5663459e3 Co-authored-by: gygrobot <19344429+gygrobot@users.noreply.github.com>
1 parent 18784fa commit 0ce9788

1 file changed

Lines changed: 5 additions & 0 deletions

File tree

build.gradle

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,11 @@ subprojects {
3535
useVersion('11.0.21')
3636
because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6: Apache Tomcat < 11.0.21 vulnerabilities')
3737
}
38+
if (requested.group == 'io.netty' && requested.name == 'netty-handler-proxy'
39+
&& requested.version != null && requested.version < '4.2.13.Final') {
40+
useVersion('4.2.13.Final')
41+
because('GHSA-45q3-82m4-75jr: HTTP Header Injection vulnerability in netty-handler-proxy < 4.2.13.Final')
42+
}
3843
}
3944
}
4045

0 commit comments

Comments
 (0)