Netty security issue

42 views
Skip to first unread message

Alexandru Mihail

unread,
Dec 8, 2021, 4:30:51 AM12/8/21
to Selenium Developers

Hello all,


My name is Alexandru Craciun and I am a Software Engineer. I come to you with an issue: my company is using Selenium and our security software have identified two vulnerability issues in the Selenium jar:
1. https://nvd.nist.gov/vuln/detail/CVE-2021-37137
2. https://nvd.nist.gov/vuln/detail/CVE-2021-37136


It looks like this issue comes from the netty library and they fixed it in Netty 4.1.68. However, our security software still sees references to version 4.1.67. Is there any chance that the Netty library will be fully updated in selenium so that there are no references to version 4.1.67?


Thank a lot!
Regards,
Alexandru

David Burns

unread,
Dec 8, 2021, 4:45:28 AM12/8/21
to selenium-...@googlegroups.com
By the looks, Selenium 4.1 was updated in https://github.com/SeleniumHQ/selenium/commit/4c683dd4b66ec41faa448a03e1aa111d0b605e46 to use 4.1.69.Final.

If you upgrade you should get updated references.

David

--
You received this message because you are subscribed to the Google Groups "Selenium Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to selenium-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/selenium-developers/cecba5a7-22b6-4ef0-a937-c31d133fac66n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages