aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--grpc/pom.xml15
1 files changed, 14 insertions, 1 deletions
diff --git a/grpc/pom.xml b/grpc/pom.xml
index 75721607..e73be6b3 100644
--- a/grpc/pom.xml
+++ b/grpc/pom.xml
@@ -34,10 +34,23 @@
<grpc.version>1.8.0</grpc.version>
</properties>
<dependencies>
+<!-- netty-codec-http2 excluded due to Security Issues:- CVE-2019-9512,CVE-2019-9514,CVE-2019-9515,CVE-2019-9518,CVE-2019-16869
+ and added invulnerable netty-codec-http2 4.1.42.Final -->
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-netty</artifactId>
<version>${grpc.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http2</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http2</artifactId>
+ <version>4.1.42.Final</version>
</dependency>
<dependency>
<groupId>io.grpc</groupId>
@@ -165,4 +178,4 @@
</plugins>
</pluginManagement>
</build>
-</project> \ No newline at end of file
+</project>