Skip to content

Commit 02675db

Browse files
vinokurigvinokurig
authored
fix: Update io.vertx:vertx-core transitive dependency to fix CVE-2026-1002 (#962)
1 parent bdd57ba commit 02675db

2 files changed

Lines changed: 57 additions & 0 deletions

File tree

infrastructures/openshift/pom.xml

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,11 @@
5858
<artifactId>netty-handler</artifactId>
5959
<groupId>io.netty</groupId>
6060
</exclusion>
61+
<!-- Fix CVE-2026-1002 -->
62+
<exclusion>
63+
<artifactId>vertx-core</artifactId>
64+
<groupId>io.vertx</groupId>
65+
</exclusion>
6166
</exclusions>
6267
</dependency>
6368
<dependency>
@@ -154,11 +159,47 @@
154159
<artifactId>che-core-commons-inject</artifactId>
155160
<scope>provided</scope>
156161
</dependency>
162+
<dependency>
163+
<groupId>io.netty</groupId>
164+
<artifactId>netty-codec-http</artifactId>
165+
<scope>runtime</scope>
166+
</dependency>
157167
<dependency>
158168
<groupId>io.netty</groupId>
159169
<artifactId>netty-handler</artifactId>
160170
<scope>runtime</scope>
161171
</dependency>
172+
<dependency>
173+
<groupId>io.vertx</groupId>
174+
<artifactId>vertx-core</artifactId>
175+
<scope>runtime</scope>
176+
<exclusions>
177+
<exclusion>
178+
<artifactId>netty-resolver</artifactId>
179+
<groupId>io.netty</groupId>
180+
</exclusion>
181+
<exclusion>
182+
<artifactId>netty-resolver-dns</artifactId>
183+
<groupId>io.netty</groupId>
184+
</exclusion>
185+
<exclusion>
186+
<artifactId>netty-buffer</artifactId>
187+
<groupId>io.netty</groupId>
188+
</exclusion>
189+
<exclusion>
190+
<artifactId>netty-transport</artifactId>
191+
<groupId>io.netty</groupId>
192+
</exclusion>
193+
<exclusion>
194+
<artifactId>netty-common</artifactId>
195+
<groupId>io.netty</groupId>
196+
</exclusion>
197+
<exclusion>
198+
<artifactId>netty-codec-http</artifactId>
199+
<groupId>io.netty</groupId>
200+
</exclusion>
201+
</exclusions>
202+
</dependency>
162203
<dependency>
163204
<groupId>ch.qos.logback</groupId>
164205
<artifactId>logback-classic</artifactId>
@@ -193,6 +234,11 @@
193234
<artifactId>netty-codec-http</artifactId>
194235
<groupId>io.netty</groupId>
195236
</exclusion>
237+
<!-- Fix CVE-2026-1002 -->
238+
<exclusion>
239+
<artifactId>vertx-core</artifactId>
240+
<groupId>io.vertx</groupId>
241+
</exclusion>
196242
<exclusion>
197243
<artifactId>netty-resolver</artifactId>
198244
<groupId>io.netty</groupId>

pom.xml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,7 @@
8484
<io.prometheus.simpleclient.version>0.16.0</io.prometheus.simpleclient.version>
8585
<io.rest-assured.version>6.0.0</io.rest-assured.version>
8686
<io.swagger.version>2.2.16</io.swagger.version>
87+
<io.vertx.version>4.5.24</io.vertx.version>
8788
<jakarta.activation.version>2.1.4</jakarta.activation.version>
8889
<jakarta.annotation.version>3.0.0</jakarta.annotation.version>
8990
<jakarta.inject.version>1.0.5</jakarta.inject.version>
@@ -390,6 +391,11 @@
390391
<artifactId>netty-codec-dns</artifactId>
391392
<version>${io.netty.version}</version>
392393
</dependency>
394+
<dependency>
395+
<groupId>io.netty</groupId>
396+
<artifactId>netty-codec-http</artifactId>
397+
<version>${io.netty.version}</version>
398+
</dependency>
393399
<dependency>
394400
<groupId>io.netty</groupId>
395401
<artifactId>netty-codec-http2</artifactId>
@@ -502,6 +508,11 @@
502508
</exclusion>
503509
</exclusions>
504510
</dependency>
511+
<dependency>
512+
<groupId>io.vertx</groupId>
513+
<artifactId>vertx-core</artifactId>
514+
<version>${io.vertx.version}</version>
515+
</dependency>
505516
<dependency>
506517
<groupId>jakarta.activation</groupId>
507518
<artifactId>jakarta.activation-api</artifactId>

0 commit comments

Comments
 (0)