'Azure SDK || Blackduck has detected security vulnerability on io.netty:netty-handler:jar:4.1.52.Final

I am using azure-security-keyvault-secrets SDK to connect to Azure keyvault in the spark scala application. The SDK Version we are using is 4.2.3, and it has netty-handler as a transitive dependency io.netty:netty-handler:jar:4.1.52.Final. Blackduck has detected security vulnerability on io.netty:netty-handler:jar:4.1.52.Final.

We tried with the latest version of azure-security-keyvault-secrets 4.3.7, for that too blackduck shows the same vulnerability.

Please let us know, if there is any plan in microsoft end to provide this azure-security-keyvault-secrets SDK by fixing the security vulnerability.

azure sdk

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source

'Azure SDK || Blackduck has detected security vulnerability on io.netty:netty-handler:jar:4.1.52.Final

Sources

Related Questions