Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ef830e9

Browse files
jorgeepditommaso
authored andcommitted
Fix netty CVE-2026-44249 via AWS SDK bump and azure-core-http-netty pin (nextflow-io#7223)
Signed-off-by: jorgee <[email protected]> (cherry picked from commit ab6a6e6)
1 parent 81c35b4 commit ef830e9

3 files changed

Lines changed: 20 additions & 24 deletions

File tree

plugins/nf-amazon/build.gradle

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -57,20 +57,20 @@ dependencies {
5757
compileOnly 'org.pf4j:pf4j:3.14.1'
5858

5959
api ('javax.xml.bind:jaxb-api:2.4.0-b180830.0359')
60-
api ('software.amazon.awssdk:s3:2.44.3')
61-
api ('software.amazon.awssdk:ec2:2.44.3')
62-
api ('software.amazon.awssdk:batch:2.44.3')
63-
api ('software.amazon.awssdk:iam:2.44.3')
64-
api ('software.amazon.awssdk:ecs:2.44.3')
65-
api ('software.amazon.awssdk:cloudwatchlogs:2.44.3')
66-
api ('software.amazon.awssdk:codecommit:2.44.3')
67-
api ('software.amazon.awssdk:sts:2.44.3')
68-
api ('software.amazon.awssdk:ses:2.44.3')
69-
api ('software.amazon.awssdk:sso:2.44.3')
70-
api ('software.amazon.awssdk:ssooidc:2.44.3')
71-
api ('software.amazon.awssdk:s3-transfer-manager:2.44.3')
72-
api ('software.amazon.awssdk:apache-client:2.44.3')
73-
api ('software.amazon.awssdk:aws-crt-client:2.44.3')
60+
api ('software.amazon.awssdk:s3:2.46.8')
61+
api ('software.amazon.awssdk:ec2:2.46.8')
62+
api ('software.amazon.awssdk:batch:2.46.8')
63+
api ('software.amazon.awssdk:iam:2.46.8')
64+
api ('software.amazon.awssdk:ecs:2.46.8')
65+
api ('software.amazon.awssdk:cloudwatchlogs:2.46.8')
66+
api ('software.amazon.awssdk:codecommit:2.46.8')
67+
api ('software.amazon.awssdk:sts:2.46.8')
68+
api ('software.amazon.awssdk:ses:2.46.8')
69+
api ('software.amazon.awssdk:sso:2.46.8')
70+
api ('software.amazon.awssdk:ssooidc:2.46.8')
71+
api ('software.amazon.awssdk:s3-transfer-manager:2.46.8')
72+
api ('software.amazon.awssdk:apache-client:2.46.8')
73+
api ('software.amazon.awssdk:aws-crt-client:2.46.8')
7474

7575
testImplementation(testFixtures(project(":nextflow")))
7676
testImplementation project(':nextflow')

plugins/nf-azure/build.gradle

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -68,13 +68,9 @@ dependencies {
6868
// Force patched version to address GHSA-72hv-8253-57qq (jackson-core Number Length Constraint Bypass DoS)
6969
runtimeOnly 'com.fasterxml.jackson.core:jackson-core:2.18.6'
7070

71-
// Pin patched netty versions to address security vulnerabilities
72-
implementation 'io.netty:netty-common:4.1.133.Final'
73-
implementation 'io.netty:netty-handler:4.1.133.Final'
74-
implementation 'io.netty:netty-handler-proxy:4.1.133.Final'
75-
implementation 'io.netty:netty-codec-http:4.1.133.Final'
76-
implementation 'io.netty:netty-codec-http2:4.1.133.Final'
77-
implementation 'io.netty:netty-codec-dns:4.1.133.Final'
71+
// Pin azure-core-http-netty to a version that brings patched netty
72+
// (4.1.135.Final) to address GHSA-3qp7-7mw8-wx86 / CVE-2026-44249
73+
implementation 'com.azure:azure-core-http-netty:1.16.5'
7874

7975
testImplementation(testFixtures(project(":nextflow")))
8076
testImplementation project(':nextflow')

plugins/nf-codecommit/build.gradle

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -52,9 +52,9 @@ dependencies {
5252
compileOnly 'org.pf4j:pf4j:3.14.1'
5353

5454
api ('javax.xml.bind:jaxb-api:2.4.0-b180830.0359')
55-
api ('software.amazon.awssdk:codecommit:2.44.3')
56-
api ('software.amazon.awssdk:sso:2.44.3')
57-
api ('software.amazon.awssdk:ssooidc:2.44.3')
55+
api ('software.amazon.awssdk:codecommit:2.46.8')
56+
api ('software.amazon.awssdk:sso:2.46.8')
57+
api ('software.amazon.awssdk:ssooidc:2.46.8')
5858

5959
testImplementation(testFixtures(project(":nextflow")))
6060
testImplementation project(':nextflow')

0 commit comments

Comments
 (0)