You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Jan Busch (Jira)" <se...@james.apache.org> on 2020/04/09 09:59:01 UTC
[jira] [Commented] (JAMES-2208) upgrade netty to netty-all
[ https://issues.apache.org/jira/browse/JAMES-2208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17079133#comment-17079133 ]
Jan Busch commented on JAMES-2208:
----------------------------------
I think an upgrade would still be great since the latest Netty 3 version has some security flaws that are fixed in newer versions of Netty 4, see the attached file [^dependency-check-report.html]
This can make it problematic to use James in contexts with potentially sensitive software or users.
> upgrade netty to netty-all
> --------------------------
>
> Key: JAMES-2208
> URL: https://issues.apache.org/jira/browse/JAMES-2208
> Project: James Server
> Issue Type: Improvement
> Components: James Core
> Affects Versions: 3.0.0
> Reporter: Randymo
> Priority: Major
> Attachments: dependency-check-report.html
>
>
> James is currently using the netty dependency
> <dependency>
> <groupId>io.netty</groupId>
> <artifactId>netty</artifactId>
> <version>3.10.6.Final</version>
> </dependency>
> I think we should upgrade to the newer artifact
> <dependency>
> <groupId>io.netty</groupId>
> <artifactId>netty-all</artifactId>
> <version>4.1.16.Final</version>
> </dependency>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org