Netty security issue

[Alexandru Mihail]

Hello all,

My name is Alexandru Craciun and I am a Software Engineer. I come to you with an issue: my company is using Selenium and our security software have identified two vulnerability issues in the Selenium jar:
1. https://nvd.nist.gov/vuln/detail/CVE-2021-37137
2. https://nvd.nist.gov/vuln/detail/CVE-2021-37136

It looks like this issue comes from the netty library and they fixed it in Netty 4.1.68. However, our security software still sees references to version 4.1.67. Is there any chance that the Netty library will be fully updated in selenium so that there are no references to version 4.1.67?

Thank a lot!
Regards,
Alexandru

[David Burns]

By the looks, Selenium 4.1 was updated in https://github.com/SeleniumHQ/selenium/commit/4c683dd4b66ec41faa448a03e1aa111d0b605e46 to use 4.1.69.Final.

If you upgrade you should get updated references.

David

--
You received this message because you are subscribed to the Google Groups "Selenium Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to selenium-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/selenium-developers/cecba5a7-22b6-4ef0-a937-c31d133fac66n%40googlegroups.com.