Vulnerability disclosed in Netty

Issue date: 04-04-2022
Affects versions: 14.7, 13.4, 12.6

Security Issue ID

SECURITY-282

Affected Product Version(s)

14.7.1, 13.4.12, 12.6.22 and previous releases.

Severity

Low

Description

CVE-2021-43797

Netty is used indirectly as part of a migration tool for data generated by the relevance module implementation in version 10 of brXM. This tool is not active in normal production use of brXM, and therefore we consider this report to be a false positive. Nonetheless, we have updated this dependency to the latest version as part of the latest maintenance releases of brXM.

Instructions

Customers are recommended to upgrade to the latest version. As of the time of writing, 14.7.5, 13.4.16, or 12.6.25.

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

Vulnerability disclosed in Netty