You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These both appear to relate to HttpObjectDecoder, which I see no references to in the Clouseau code. Looks like Clouseau only uses the org.jboss.netty.buffer.ChannelBuffer class.
jboss.netty 3.2.10 released in 2013, and has been moved to just netty, and 4.1.91 is the latest with 5.0.0 in pre-release.
Even if not exploitable, there is increasing demand from governments and enterprises to update dependencies regardless.
I'll open a PR and see if a simple version / name change happens to work
The text was updated successfully, but these errors were encountered:
Clouseau shades Netty 3.2.10, which contains
https://nvd.nist.gov/vuln/detail/CVE-2019-20444
https://nvd.nist.gov/vuln/detail/CVE-2019-20445
These both appear to relate to HttpObjectDecoder, which I see no references to in the Clouseau code. Looks like Clouseau only uses the org.jboss.netty.buffer.ChannelBuffer class.
jboss.netty 3.2.10 released in 2013, and has been moved to just netty, and 4.1.91 is the latest with 5.0.0 in pre-release.
Even if not exploitable, there is increasing demand from governments and enterprises to update dependencies regardless.
I'll open a PR and see if a simple version / name change happens to work
The text was updated successfully, but these errors were encountered: