From cc3d8b162b8e7554370adf3b5f36fe4404534577 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louise=20S=C3=B6derstr=C3=B6m?= Date: Mon, 13 Mar 2023 13:36:55 +0100 Subject: [PATCH] [nw2aWxrX] Upgrade lettuce-core to 6.1.9-RELEASE to mitigate CVE-2021-37136, CVE-2021-37137 and CVE-2022-24823 --- .../modules/ROOT/pages/database-integration/redis.adoc | 2 +- extra-dependencies/redis/build.gradle | 2 +- full/build.gradle | 8 ++++---- full/src/main/java/apoc/redis/RedisConfig.java | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/asciidoc/modules/ROOT/pages/database-integration/redis.adoc b/docs/asciidoc/modules/ROOT/pages/database-integration/redis.adoc index 1545d349d0..e0e2794367 100644 --- a/docs/asciidoc/modules/ROOT/pages/database-integration/redis.adoc +++ b/docs/asciidoc/modules/ROOT/pages/database-integration/redis.adoc @@ -44,7 +44,7 @@ Here is a list of all available Redis procedures: == Install Dependencies The Redis procedures have dependencies on a client library that is not included in the APOC Library. -You can download it from https://github.com/lettuce-io/lettuce-core/releases/tag/6.1.1.RELEASE[the lettuce-core repository](except for `netty` jars because they are already included within neo4j) +You can download it from https://github.com/lettuce-io/lettuce-core/releases/tag/6.1.9.RELEASE[the lettuce-core repository](except for `netty` jars because they are already included within neo4j) or https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/{apoc-release}/apoc-redis-dependencies-{apoc-release}.jar[apoc repository] Once that file is downloaded, it should be placed in the `plugins` directory and the Neo4j Server restarted. diff --git a/extra-dependencies/redis/build.gradle b/extra-dependencies/redis/build.gradle index fb4f60c901..06c970fca8 100644 --- a/extra-dependencies/redis/build.gradle +++ b/extra-dependencies/redis/build.gradle 
@@ -17,7 +17,7 @@ jar { } dependencies { - compile group: 'io.lettuce', name: 'lettuce-core', version: '6.1.1.RELEASE', { + compile group: 'io.lettuce', name: 'lettuce-core', version: '6.1.9.RELEASE', { exclude group: 'io.netty' } } diff --git a/full/build.gradle b/full/build.gradle index 5d19207c95..125d14b702 100644 --- a/full/build.gradle +++ b/full/build.gradle @@ -91,8 +91,8 @@ dependencies { testCompile 'net.sourceforge.jexcelapi:jxl:2.6.12' - compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.349' - testCompile group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.349' + compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.425' + testCompile group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.425' testCompile group: 'org.reflections', name: 'reflections', version: '0.9.12' @@ -123,8 +123,8 @@ dependencies { compileOnly group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons testCompile group: 'com.couchbase.client', name: 'java-client', version: '3.3.0', withoutJacksons - compileOnly group: 'io.lettuce', name: 'lettuce-core', version: '6.1.1.RELEASE' - testCompile group: 'io.lettuce', name: 'lettuce-core', version: '6.1.1.RELEASE' + compileOnly group: 'io.lettuce', name: 'lettuce-core', version: '6.1.9.RELEASE' + testCompile group: 'io.lettuce', name: 'lettuce-core', version: '6.1.9.RELEASE' compileOnly group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective diff --git a/full/src/main/java/apoc/redis/RedisConfig.java b/full/src/main/java/apoc/redis/RedisConfig.java index b5029fb98a..ac72feb75f 100644 --- a/full/src/main/java/apoc/redis/RedisConfig.java +++ b/full/src/main/java/apoc/redis/RedisConfig.java 
@@ -28,7 +28,7 @@ public RedisConnection getRedisConnection(String uri, Map config
 return (RedisConnection) constructor.newInstance(uri, redisConfig);
 } catch (NoClassDefFoundError e) {
 throw new MissingDependencyException("Cannot find the Redis client jar. \n" +
- "Please put the lettuce-core-6.1.1.RELEASE.jar into plugin folder. \n" +
+ "Please put the lettuce-core-6.1.9.RELEASE.jar into plugin folder. \n" +
 "See the documentation: https://neo4j.com/labs/apoc/4.1/database-integration/redis/");
 } catch (Exception e) {
 throw new RuntimeException(e);
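Review bot: The jar name in the `MissingDependencyException` message is a hard-coded copy of the lettuce-core version, which this commit also has to edit in redis.adoc and two build.gradle files. A later security bump that misses this string would direct operators to install the older, affected jar. Consider dropping the exact version and deferring to the documentation, e.g. `"Please put the lettuce-core jar (version listed in the documentation) into plugin folder. \n" +`. The documentation URL on the next line is pinned to `4.1`, so it is worth confirming that it matches this branch. The CVEs named in the subject are, as far as I know, netty issues, and redis.adoc says the netty jars come from Neo4j, so it may also be worth verifying that the bundled netty version is a fixed one. getRedisConnection starts and ends outside the hunk.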