How to fix CVE-2023-34062: Path Traversal HTTP functionality for the Reactor Netty library 1.1.12 on spring webflux

334 Views Asked by James At 19 October 2024 at 22:31

I am running a spring boot application on spring webflux. Works well but I'd want to update the Reactor Netty HTTP Server to fix this issue https://spring.io/security/cve-2023-34062

I am trying to update the reactor netty on the maven pom file but still does not pass the pipeline security check.

Maven POM File

<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
        </dependency>
        <dependency>
            <groupId>io.projectreactor.netty</groupId>
            <artifactId>reactor-netty</artifactId>
            <version>1.1.13</version>
        </dependency>
<dependencies>

What am I missing? My pipeline still says am running the Reactor Netty library 1.1.12.

Original Q&A

There are 1 best solutions below

James On 25 November 2023 at 16:42

I fixed this, was as simple as upgrading my spring boot version.

Was on version <spring.boot-version>3.1.5</spring.boot-version>

Upgraded to <spring.boot-version>3.1.6</spring.boot-version> and the issue was fixed.

How to fix CVE-2023-34062: Path Traversal HTTP functionality for the Reactor Netty library 1.1.12 on spring webflux

There are 1 best solutions below

Related Questions in SPRING-BOOT

Related Questions in SPRING-MVC

Related Questions in REACTOR-NETTY

Trending Questions

Popular # Hahtags

Popular Questions