xw 6 giorni fa
parent
commit
6f2bde8a66
1 ha cambiato i file con 7 aggiunte e 1 eliminazioni
  1. 7 1
      pom.xml

+ 7 - 1
pom.xml

@@ -47,7 +47,8 @@
         <!-- CVE-2023-6378 / CVE-2023-6481: logback receiver 反序列化 DoS,1.2.x 需 >= 1.2.13 -->
         <logback.version>1.2.13</logback.version>
         <!-- CVE-2026-42579: netty-codec-dns 未校验 RFC 1035 域名,4.1.x 需 >= 4.1.133.Final -->
-        <netty.version>4.1.133.Final</netty.version>
+        <!-- netty-codec-redis 需 >= 4.1.135.Final(或 4.2.15.Final+) -->
+        <netty.version>4.1.135.Final</netty.version>
         <!-- CVE-2022-45688 / CVE-2022-45690 / CVE-2022-4565: hutool-json DoS,需 >= 5.8.25(XML.toJSONObject)/ 5.8.11(ZipUtil) -->
         <hutool.version>5.8.38</hutool.version>
         <!-- CVE-2022-45688: org.json XML.toJSONObject 栈溢出 DoS,需 >= 20230227 -->
@@ -276,6 +277,11 @@
                 <artifactId>netty-codec-http</artifactId>
                 <version>${netty.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-codec-redis</artifactId>
+                <version>${netty.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.netty</groupId>
                 <artifactId>netty-transport-native-unix-common</artifactId>