Fix CVE-2025-24970

chore: Fix [CVE-2025-24970](GHSA-4g8c-wm8x-jfhw) SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine Signed-off-by: Spolti <[email protected]>
kserve · Feb 18, 2025 · 54961ec · 54961ec
1 parent 6ea70e2
commit 54961ec
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -57,8 +57,8 @@
     <!--suppress UnresolvedMavenProperty -->
     <jenkins-build-tag>${env.BUILD_TAG}</jenkins-build-tag>  <!-- set by jenkins -->
 
-    <grpc-version>1.60.2</grpc-version>
-    <netty-version>4.1.108.Final</netty-version>
+    <grpc-version>1.63.2</grpc-version>
+    <netty-version>4.1.118.Final</netty-version>
     <litelinks-version>1.7.2</litelinks-version>
     <kv-utils-version>0.5.1</kv-utils-version>
     <etcd-java-version>0.0.24</etcd-java-version>
@@ -437,6 +437,10 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-netty</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-core</artifactId>
+    </dependency>
 
     <!-- This is required for compiling on java11+, to provide
        the @Generated annotation used in the protoc-generated