aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKanagaraj Manickam <kanagaraj.manickam@huawei.com>2020-02-21 04:52:18 +0000
committerGerrit Code Review <gerrit@onap.org>2020-02-21 04:52:18 +0000
commit190967fc2c85f7f17ebf6e94e41b3714de644d3e (patch)
treef6c72c0245eacf40d5cfc2201725c7ed686f31e9
parent3ff640dfea6044dc098d3e2e62dc534615694e0c (diff)
parentb1bcdf751e5fcd35c66a6ebfd06c74d12fc572ff (diff)
Merge "Change dependency version for netty-codec-http2"
-rw-r--r--grpc/pom.xml15
1 files changed, 14 insertions, 1 deletions
diff --git a/grpc/pom.xml b/grpc/pom.xml
index 75721607..e73be6b3 100644
--- a/grpc/pom.xml
+++ b/grpc/pom.xml
@@ -34,10 +34,23 @@
<grpc.version>1.8.0</grpc.version>
</properties>
<dependencies>
+<!-- netty-codec-http2 excluded due to Security Issues:- CVE-2019-9512,CVE-2019-9514,CVE-2019-9515,CVE-2019-9518,CVE-2019-16869
+ and added invulnerable netty-codec-http2 4.1.42.Final -->
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty</artifactId>
<version>${grpc.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http2</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http2</artifactId>
+ <version>4.1.42.Final</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
@@ -165,4 +178,4 @@
</plugins>
</pluginManagement>
</build>
-</project> \ No newline at end of file
+</project>