Update all dependencies for Sunflower (R1-2025) fixing CVE-2024-29025
Description
CSP Request Details
None
CSP Rejection Details
None
Potential Workaround
None
Checklist
hideActivity
Show:
Charlotte Whitt March 19, 2025 at 7:23 PM
That sounds all good to me
Julian Ladisch March 19, 2025 at 1:09 PM
Hi Charlotte, GitHub has the policy that the person that has opened the pull request cannot review it. Therefore I cannot review my own pull request. But I can merge it without code review.
Charlotte Whitt March 19, 2025 at 12:01 PM
Hi and - will one of you be able to do the code review so we can get the ticket closed?
Details
Assignee
Jakub SkoczenJakub SkoczenReporter
Julian LadischJulian LadischPriority
P2Sprint
Development Team
ThorRelease
Sunflower (R1 2025) Bug FixRCA Group
TBDTestRail: Cases
Open TestRail: CasesTestRail: Runs
Open TestRail: Runs
Details
Details
Assignee
Jakub SkoczenReporter
Julian LadischPriority
P2Sprint
Development Team
Thor
Release
Sunflower (R1 2025) Bug Fix
RCA Group
TBD
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created March 14, 2025 at 6:28 PM
Updated 5 days ago
The indirect netty update fixes this HttpPostRequestDecoder OOM vulnerability:
https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v