Greetings! Today we've released new versions of both the 4.x and 3.x Java driver.
The primary feature of this release is an upgrade to Netty which addresses a number of security issues. Both the 4.x and 3.x Java driver now use the same version of Netty which should make behavior across versions more consistent. Where possible other components have been upgraded to address security concerns as well. These additional upgrades for 3.11.2 in particular were fairly limited;
JAVA-3014 provides some additional context for these decisions.
The full changelog for the 4.14.1 release is as follows:
- [improvement] JAVA-3013: Upgrade dependencies to address CVEs and other security issues, 4.14.1 edition
- [improvement] JAVA-3003: Update jnr-posix to address CVE-2014-4043
- [improvement] JAVA-2977: Update Netty to resolve higher-priority CVEs
The full changelog for the 3.11.2 release is as follows:
- [improvement] JAVA-3008: Upgrade Netty to 4.1.75, 3.x edition
- [improvement] JAVA-2984: Upgrade Jackson to resolve high-priority CVEs
As usual these new versions of the Java driver are available from Maven Central.
Thanks!
- Bret -