Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SIP2-178: Vert.x 4.4.6 fixing Netty HTTP/2 DoS (CVE-2023-44487)
Upgrade Vert.x from 4.3.4 to 4.4.6. This indirectly upgrades Netty from 4.1.82.Final to 4.1.100.Final fixing HTTP/2 Denial of Service (DoS): https://nvd.nist.gov/vuln/detail/CVE-2023-44487 log4j-bom must be listed before vertx-stack-depchain in <dependencyManagement> so that log4j-bom overwrites the log4j versions from vertx-stack-depchain; otherwise version mismatches result in class not found exceptions. For log4j 2.19.0 log4j-slf4j-impl won't work, only log4j-slf4j2-impl. (cherry picked from commit ef503fb)
- Loading branch information