Skip to content

Commit 0dfd00f

Browse files
committed
fix: Update io.vertx:vertx-core transitive dependency to fix CVE-2026-1002
1 parent 6c3618b commit 0dfd00f

File tree

2 files changed

+52
-0
lines changed

2 files changed

+52
-0
lines changed

infrastructures/openshift/pom.xml

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,6 +144,11 @@
144144
<groupId>org.slf4j</groupId>
145145
<artifactId>slf4j-api</artifactId>
146146
</dependency>
147+
<dependency>
148+
<groupId>io.netty</groupId>
149+
<artifactId>netty-codec-http</artifactId>
150+
<scope>provided</scope>
151+
</dependency>
147152
<dependency>
148153
<groupId>jakarta.servlet</groupId>
149154
<artifactId>jakarta.servlet-api</artifactId>
@@ -159,6 +164,37 @@
159164
<artifactId>netty-handler</artifactId>
160165
<scope>runtime</scope>
161166
</dependency>
167+
<dependency>
168+
<groupId>io.vertx</groupId>
169+
<artifactId>vertx-core</artifactId>
170+
<scope>runtime</scope>
171+
<exclusions>
172+
<exclusion>
173+
<artifactId>netty-resolver</artifactId>
174+
<groupId>io.netty</groupId>
175+
</exclusion>
176+
<exclusion>
177+
<artifactId>netty-resolver-dns</artifactId>
178+
<groupId>io.netty</groupId>
179+
</exclusion>
180+
<exclusion>
181+
<artifactId>netty-buffer</artifactId>
182+
<groupId>io.netty</groupId>
183+
</exclusion>
184+
<exclusion>
185+
<artifactId>netty-transport</artifactId>
186+
<groupId>io.netty</groupId>
187+
</exclusion>
188+
<exclusion>
189+
<artifactId>netty-common</artifactId>
190+
<groupId>io.netty</groupId>
191+
</exclusion>
192+
<exclusion>
193+
<artifactId>nnetty-codec-http</artifactId>
194+
<groupId>io.netty</groupId>
195+
</exclusion>
196+
</exclusions>
197+
</dependency>
162198
<dependency>
163199
<groupId>ch.qos.logback</groupId>
164200
<artifactId>logback-classic</artifactId>
@@ -193,6 +229,11 @@
193229
<artifactId>netty-codec-http</artifactId>
194230
<groupId>io.netty</groupId>
195231
</exclusion>
232+
<!-- Fix CVE-2026-1002 -->
233+
<exclusion>
234+
<artifactId>vertx-core</artifactId>
235+
<groupId>io.vertx</groupId>
236+
</exclusion>
196237
<exclusion>
197238
<artifactId>netty-resolver</artifactId>
198239
<groupId>io.netty</groupId>

pom.xml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,7 @@
8484
<io.prometheus.simpleclient.version>0.16.0</io.prometheus.simpleclient.version>
8585
<io.rest-assured.version>6.0.0</io.rest-assured.version>
8686
<io.swagger.version>2.2.16</io.swagger.version>
87+
<io.vertx.version>4.5.24</io.vertx.version>
8788
<jakarta.activation.version>2.1.4</jakarta.activation.version>
8889
<jakarta.annotation.version>3.0.0</jakarta.annotation.version>
8990
<jakarta.inject.version>1.0.5</jakarta.inject.version>
@@ -390,6 +391,11 @@
390391
<artifactId>netty-codec-dns</artifactId>
391392
<version>${io.netty.version}</version>
392393
</dependency>
394+
<dependency>
395+
<groupId>io.netty</groupId>
396+
<artifactId>netty-codec-http</artifactId>
397+
<version>${io.netty.version}</version>
398+
</dependency>
393399
<dependency>
394400
<groupId>io.netty</groupId>
395401
<artifactId>netty-codec-http2</artifactId>
@@ -502,6 +508,11 @@
502508
</exclusion>
503509
</exclusions>
504510
</dependency>
511+
<dependency>
512+
<groupId>io.vertx</groupId>
513+
<artifactId>vertx-core</artifactId>
514+
<version>${io.vertx.version}</version>
515+
</dependency>
505516
<dependency>
506517
<groupId>jakarta.activation</groupId>
507518
<artifactId>jakarta.activation-api</artifactId>

0 commit comments

Comments
 (0)