Change dependency version for netty-codec-http2

author jitendra sharma <jitendra.sharma1@huawei.com>

Thu, 23 Jan 2020 12:45:53 +0000 (12:45 +0000)

committer jitendra sharma <jitendra.sharma1@huawei.com>

Thu, 23 Jan 2020 12:48:32 +0000 (12:48 +0000)
author jitendra sharma <jitendra.sharma1@huawei.com>
Thu, 23 Jan 2020 12:45:53 +0000 (12:45 +0000)
committer jitendra sharma <jitendra.sharma1@huawei.com>
Thu, 23 Jan 2020 12:48:32 +0000 (12:48 +0000)
diff --git a/grpc/pom.xml b/grpc/pom.xml

index 7572160..e73be6b 100644 (file)
--- a/grpc/pom.xml
+++ b/grpc/pom.xml
@@ -34,10 +34,23 @@
      <grpc.version>1.8.0</grpc.version>
    </properties>
    <dependencies>
+<!-- netty-codec-http2 excluded due to Security Issues:- CVE-2019-9512,CVE-2019-9514,CVE-2019-9515,CVE-2019-9518,CVE-2019-16869
+ and added invulnerable netty-codec-http2 4.1.42.Final -->
      <dependency>
        <groupId>io.grpc</groupId>
        <artifactId>grpc-netty</artifactId>
        <version>${grpc.version}</version>
+       <exclusions>
+        <exclusion>
+           <groupId>io.netty</groupId>
+            <artifactId>netty-codec-http2</artifactId>
+            </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+        <groupId>io.netty</groupId>
+        <artifactId>netty-codec-http2</artifactId>
+        <version>4.1.42.Final</version>
      </dependency>
      <dependency>
        <groupId>io.grpc</groupId>
@@ -165,4 +178,4 @@
              </plugins>
          </pluginManagement>
    </build>
-</project>
-\ No newline at end of file
+</project>
author	jitendra sharma <jitendra.sharma1@huawei.com>
	Thu, 23 Jan 2020 12:45:53 +0000 (12:45 +0000)
committer	jitendra sharma <jitendra.sharma1@huawei.com>
	Thu, 23 Jan 2020 12:48:32 +0000 (12:48 +0000)