Vert.x 4.5.9, Netty 4.1.111, Apache sshd/sftp 2.13.2

Description

Upgrade Vert.x from 4.5.4 to 4.5.9.

This indirectly upgrades Netty from 4.1.107.Final to 4.1.111.Final fixing Allocation of Resources Without Limits or Throttling: https://security.snyk.io/package/maven/io.netty:netty-codec-http/4.1.107.Final

Upgrade Apache SSHD/SFTP from 2.8.0/2.9.0 to 2.13.2 fixing vulnerabilities:

To avoid diverging versions use dependencyManagement for vertx and testcontainers.

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Linked issues

implements

SECURITY-184

CVE-2024-41909 - org.apache.sshd_sshd-common - Analysis of vulnerability - Quesnelia

relates to

MODINVOICE-558

Release 5.8.3 (Quesnelia R1 2024 CSP) - fix Vert.x, Netty, Apache SSHD/SFTP

MODINVOICE-559

Release 5.7.3 (Poppy R2 2023 CSP) - Apache SFTP security fix

Checklist

hide

Activity

Show:

Serhii_NoskoSeptember 5, 2024 at 5:54 AM

Fixed in scope of https://github.com/folio-org/mod-invoice/pull/504 , closing

Done

Details
Assignee
Julian Ladisch
Reporter
Julian Ladisch
Labels
security
Priority
P2
Development Team
Thunderjet
Fix versions
5.9.0
Release
Ramsons (R2 2024)
RCA Group
Third party component integration
Affected releases
Quesnelia (R1 2024)
Poppy (R2 2023)
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs

Created September 3, 2024 at 4:14 PM

Updated October 14, 2024 at 12:44 PM

Resolved September 5, 2024 at 5:54 AM

Configure

TestRail: Cases

TestRail: Runs

Vert.x 4.5.9, Netty 4.1.111, Apache sshd/sftp 2.13.2

Description

CSP Request Details

CSP Rejection Details

Potential Workaround

Linked issues

implements

relates to

Checklist

Activity

Serhii_NoskoSeptember 5, 2024 at 5:54 AM

Details

Assignee

Reporter

Labels

Priority

Development Team

Fix versions

Release

RCA Group

Affected releases

TestRail: Cases

TestRail: Runs

Flag notifications

Something's gone wrong

Something's gone wrong