Upgrade netty version #164
Code Review
This pull request adds a dependency on io.netty:netty:3.9.9.Final to the adls-plugins pom.xml. The review feedback correctly identifies that hardcoding dependency versions in child modules reduces maintainability and highlights that Netty 3.9.9.Final is an outdated version with known security vulnerabilities. It is recommended to manage the dependency version in the parent POM and upgrade to a secure version.
| <dependency> | ||
| <groupId>io.netty</groupId> | ||
| <artifactId>netty</artifactId> | ||
| <version>3.9.9.Final</version> | ||
| </dependency> |
Hardcoding dependency versions in child modules reduces maintainability and can lead to version mismatch issues across the project. It is highly recommended to define the version in the parent pom.xml (either under properties or dependencyManagement) and reference it here using a property.
Additionally, Netty 3.9.9.Final is an extremely old version with multiple known security vulnerabilities (CVEs). If a 3.x version is strictly required due to legacy dependencies, please consider upgrading to at least 3.10.6.Final. Otherwise, upgrading to a supported 4.x version is strongly recommended.
| <dependency> | |
| <groupId>io.netty</groupId> | |
| <artifactId>netty</artifactId> | |
| <version>3.9.9.Final</version> | |
| </dependency> | |
| <dependency> | |
| <groupId>io.netty</groupId> | |
| <artifactId>netty</artifactId> | |
| <version>${netty.version}</version> | |
| </dependency> |
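Review bot: `${netty.version}` in the replacement `<version>` line only resolves if a `netty.version` property is defined in the parent pom.xml or in this module, and nothing in the visible lines defines it. Add the property in the same change, or manage the version under the parent's dependencyManagement and omit `<version>` here.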
c48bf84 to 7634a8d
No description provided.
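The review comment's point about literal versions in child modules can be checked mechanically. The following is an added example, not part of the pull request or the project: a Python check that flags direct dependencies in a child POM whose `<version>` is a literal rather than a property reference. The sample POM, its `com.example` coordinates and the function name are constructed for illustration, and the POM is assumed to declare the standard Maven namespace.

```python
import xml.etree.ElementTree as ET

# Assumption: the POM declares the standard Maven 4.0.0 namespace.
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample child-module POM (not the project's real file).
CHILD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>com.example</groupId>
    <artifactId>parent</artifactId>
    <version>1.0</version>
  </parent>
  <artifactId>adls-plugins</artifactId>
  <dependencies>
    <dependency>
      <groupId>io.netty</groupId>
      <artifactId>netty</artifactId>
      <version>3.9.9.Final</version>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>managed-lib</artifactId>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>prop-lib</artifactId>
      <version>${proplib.version}</version>
    </dependency>
  </dependencies>
</project>
"""

def hardcoded_versions(pom_xml):
    """Return (groupId, artifactId, version) for each direct dependency of a
    child module (a POM with a <parent>) whose <version> is a literal."""
    root = ET.fromstring(pom_xml)
    if root.find("m:parent", NS) is None:
        return []  # a root/parent POM is where versions are meant to live
    findings = []
    # Only project/dependencies is walked; dependencyManagement is skipped.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        version = dep.findtext("m:version", default="", namespaces=NS).strip()
        if version and "${" not in version:  # no <version> means managed
            findings.append((dep.findtext("m:groupId", namespaces=NS),
                             dep.findtext("m:artifactId", namespaces=NS),
                             version))
    return findings
```

Run over every module's pom.xml in CI, a non-empty result can fail the build before a pinned version drifts from the parent's.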