Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Release Request #686

Open
greggalbreath opened this issue Oct 5, 2022 · 2 comments
Open

New Release Request #686

greggalbreath opened this issue Oct 5, 2022 · 2 comments
Assignees
@andsel
Labels
low-hanging

Comments

@greggalbreath
Copy link

Can a new release be published using the latest commit? It would be nice if the latest release included all the updated dependencies, specifically removing the log4j vulnerability.
@hylkevds
Copy link
Collaborator

hylkevds commented Oct 19, 2022
edited

Moquette is using an old version of Log4J that is not vulnerable.
But if you want to try a version with updated patches, you can try the one we distribute: https://repo1.maven.org/maven2/de/fraunhofer/iosb/io/moquette/moquette-broker/0.15.1/

        <dependency>
            <groupId>de.fraunhofer.iosb.io.moquette</groupId>
            <artifactId>moquette-broker</artifactId>
            <version>0.15.1</version>
            </exclusions>
        </dependency>

The main addition to this branch is the work from #608.

@wborn
Copy link

wborn commented Dec 2, 2022

Upgrading the transitive Jackson 2.8.8 dependency (#698) may also help with preventing more vulnerabilities.

@andsel andsel self-assigned this Jan 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andsel andsel

Labels
low-hanging
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@andsel @hylkevds @wborn @greggalbreath