This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-kamelets.git


The following commit(s) were added to refs/heads/main by this push:
     new b71b7537 Use CycloneDX to generate VEX (#2099)
b71b7537 is described below

commit b71b75377a607e0e77548a4c4048d8e5ad6fbe0b
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Jul 9 10:19:37 2024 +0200

    Use CycloneDX to generate VEX (#2099)
    
    Signed-off-by: Andrea Cosentino <[email protected]>
---
 camel-kamelets-sbom/camel-kamelets-sbom.vex.json | 448 +++++++++++++++++++----
 1 file changed, 372 insertions(+), 76 deletions(-)

diff --git a/camel-kamelets-sbom/camel-kamelets-sbom.vex.json 
b/camel-kamelets-sbom/camel-kamelets-sbom.vex.json
index 9557ae0d..5f136be1 100644
--- a/camel-kamelets-sbom/camel-kamelets-sbom.vex.json
+++ b/camel-kamelets-sbom/camel-kamelets-sbom.vex.json
@@ -1,145 +1,441 @@
 {
-  "@context": "https://openvex.dev/ns/v0.2.0";,
-  "@id": 
"https://openvex.dev/docs/public/vex-1825a239e56e9f5a1a6096a98c5f1d3a426a0eb6d4574e602b4a62c0101bbad1";,
-  "author": "Davide Fucci ([email protected])",
-  "timestamp": "2024-06-19T09:27:02.736293+02:00",
-  "last_updated": "2024-06-19T09:42:01.034645+02:00",
-  "version": 11,
-  "statements": [
+  "bomFormat" : "CycloneDX",
+  "specVersion" : "1.5",
+  "serialNumber" : "urn:uuid:37178f3d-7d85-437a-889f-1430b4c23709",
+  "version" : 1,
+  "metadata" : {
+    "timestamp" : "2024-07-09T08:11:09Z",
+    "tools" : [
+      {
+        "vendor" : "OWASP",
+        "name" : "Dependency-Track",
+        "version" : "4.10.1"
+      }
+    ],
+    "component" : {
+      "name" : "Camel-Kamelets",
+      "version" : "4",
+      "externalReferences" : [
+        {
+          "type" : "website",
+          "url" : "https://camel.apache.org/camel-kamelets-parent";
+        },
+        {
+          "type" : "distribution-intake",
+          "url" : 
"https://repository.apache.org/service/local/staging/deploy/maven2";
+        },
+        {
+          "type" : "issue-tracker",
+          "url" : "https://github.com/apache/camel-kamelets/issues";
+        },
+        {
+          "type" : "mailing-list",
+          "url" : "[email protected]"
+        },
+        {
+          "type" : "vcs",
+          "url" : 
"https://gitbox.apache.org/repos/asf?p=camel-kamelets.git;a=summary";
+        }
+      ],
+      "type" : "library",
+      "bom-ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+    }
+  },
+  "vulnerabilities" : [
     {
-      "vulnerability": {
-        "name": "CVE-2023-3635"
+      "bom-ref" : "8dff54f3-1260-4b15-bdee-f9f1d0bf1b49",
+      "id" : "SNYK-JAVA-ORGCODEHAUSJACKSON-3038425",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:27:02.736294+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/com.squareup.okio/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "cwes" : [
+        400
+      ],
+      "description" : "## Overview 
[org.codehaus.jackson:jackson-mapper-asl](https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl)
 is a high-performance data binding package built on Jackson JSON processor. 
Affected versions of this package are vulnerable to Denial of Service (DoS) in 
the `_deserializeFromArray()` function in `BeanDeserializer`, due to resource 
exhaustion when processing a deeply nested array. **NOTE:** For this 
vulnerability to be exploitable the n [...]
+      "created" : "2022-10-02T09:21:18Z",
+      "updated" : "2023-11-08T09:43:38Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2023-39410"
+      "bom-ref" : "74c3d734-0837-4a8b-bc62-ebdbd7b09d05",
+      "id" : "SNYK-JAVA-ORGCODEHAUSJACKSON-3038427",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:29:01.449532+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/org.apache.avro/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "cwes" : [
+        400
+      ],
+      "description" : "## Overview 
[org.codehaus.jackson:jackson-mapper-asl](https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl)
 is a high-performance data binding package built on Jackson JSON processor. 
Affected versions of this package are vulnerable to Denial of Service (DoS) in 
the `_deserializeWrappedValue()` function in `StdDeserializer.java`, due to 
resource exhaustion when processing deeply nested arrays. **NOTE:** This 
vulnerability is only exploitable w [...]
+      "created" : "2022-10-02T09:41:44Z",
+      "updated" : "2023-11-08T09:43:38Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2019-10202"
+      "bom-ref" : "1ce85ff3-bc60-44fe-963e-b452fffc97c4",
+      "id" : "SNYK-JAVA-ORGCODEHAUSJACKSON-534878",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:33:14.931683+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": 
"pkg:maven/org.codehaus.jackson/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.codehaus.jackson:jackson-mapper-asl](https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl)
 is a high-performance data binding package built on Jackson JSON processor. 
Affected versions of this package are vulnerable to XML External Entity (XXE) 
Injection. via the `DOMDeserializer.class` file and its inner classes 
(`DocumentDeserializer.class` and `NodeDeserializer.class`) that uses the 
`_parserFactory` instance without restric [...]
+      "recommendation" : "Upgrade the package version to to fix this 
vulnerability",
+      "created" : "2019-11-19T11:44:30Z",
+      "published" : "2019-11-19T11:56:32Z",
+      "updated" : "2024-03-11T09:54:00Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2019-10172"
+      "bom-ref" : "5cfc8ca5-3e9b-4643-b175-012724d716ed",
+      "id" : "SNYK-JAVA-ORGCODEHAUSJACKSON-3326362",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:34:26.033861+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": 
"pkg:maven/org.codehaus.jackson/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 9.8,
+          "severity" : "critical",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.codehaus.jackson:jackson-mapper-asl](https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl)
 is a high-performance data binding package built on Jackson JSON processor. 
Affected versions of this package are vulnerable to Improper Input Validation 
which results in several instances of deserialization of untrusted data. This 
issue is parallel to vulnerabilities reported and fixed in jackson-databind 
(CVE-2017-17485, CVE-2017-7525, [...]
+      "recommendation" : "Upgrade the package version to to fix this 
vulnerability",
+      "created" : "2023-02-21T07:30:54Z",
+      "published" : "2023-03-01T08:47:56Z",
+      "updated" : "2024-03-11T09:54:00Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2024-25710"
+      "bom-ref" : "ef05c048-e001-4375-8306-9eecce182cfc",
+      "id" : "SNYK-JAVA-ORGAPACHECOMMONS-1316638",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:35:44.392635+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/org.apache.commons/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.apache.commons:commons-compress](https://github.com/apache/commons-compress)
 is an API for working with compression and archive formats. Affected versions 
of this package are vulnerable to Denial of Service (DoS). When reading a 
specially crafted 7Z archive, Compress can be made to allocate large amounts of 
memory that finally leads to an out-of-memory error even for very small inputs. 
This could be used to mount a denial of service attack against  [...]
+      "recommendation" : "Upgrade the package version to 1.21 to fix this 
vulnerability",
+      "created" : "2021-07-13T11:27:28Z",
+      "published" : "2021-07-13T15:29:21Z",
+      "updated" : "2024-03-11T09:53:57Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2021-35515"
+      "bom-ref" : "557ace8c-3ba0-4b34-b3bd-7475ecb0de6a",
+      "id" : "SNYK-JAVA-ORGAPACHECOMMONS-1316639",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:36:23.804341+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/org.apache.commons/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.apache.commons:commons-compress](https://github.com/apache/commons-compress)
 is an API for working with compression and archive formats. Affected versions 
of this package are vulnerable to Denial of Service (DoS). When reading a 
specially crafted 7Z archive, the construction of the list of codecs that 
decompress an entry can result in an infinite loop. This could be used to mount 
a denial of service attack against services that use Compress' sevenz [...]
+      "recommendation" : "Upgrade the package version to 1.21 to fix this 
vulnerability",
+      "created" : "2021-07-13T11:33:38Z",
+      "published" : "2021-07-13T15:29:20Z",
+      "updated" : "2024-03-11T09:53:53Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2021-35565"
+      "bom-ref" : "fb8cad05-1fe6-4f5f-aa40-a4835cfe597a",
+      "id" : "SNYK-JAVA-ORGAPACHECOMMONS-1316640",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:36:45.465007+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/org.apache.commons/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.apache.commons:commons-compress](https://github.com/apache/commons-compress)
 is an API for working with compression and archive formats. Affected versions 
of this package are vulnerable to Denial of Service (DoS). When reading a 
specially crafted TAR archive, Compress can be made to allocate large amounts 
of memory that finally leads to an out-of-memory error even for very small 
inputs. This could be used to mount a denial of service attack against [...]
+      "recommendation" : "Upgrade the package version to 1.21 to fix this 
vulnerability",
+      "created" : "2021-07-13T11:35:27Z",
+      "published" : "2021-07-13T15:29:20Z",
+      "updated" : "2024-03-11T09:53:51Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2018-11771"
+      "bom-ref" : "f8de35b3-546f-4ad9-99c0-9cfb6bb26ae1",
+      "id" : "SNYK-JAVA-ORGAPACHECOMMONS-1316641",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:37:11.953898+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/org.apache.commons/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.apache.commons:commons-compress](https://github.com/apache/commons-compress)
 is an API for working with compression and archive formats. Affected versions 
of this package are vulnerable to Denial of Service (DoS). When reading a 
specially crafted ZIP archive, Compress can be made to allocate large amounts 
of memory that finally leads to an out-of-memory error even for very small 
inputs. This could be used to mount a denial of service attack against [...]
+      "recommendation" : "Upgrade the package version to 1.21 to fix this 
vulnerability",
+      "created" : "2021-07-13T11:39:11Z",
+      "published" : "2021-07-13T15:29:20Z",
+      "updated" : "2024-03-11T09:53:57Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2021-36090"
+      "bom-ref" : "6f944446-3332-440c-9eb2-967f6f500727",
+      "id" : "SNYK-JAVA-ORGAPACHECOMMONS-6254296",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:37:37.997898+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/org.apache.commons/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 5.5,
+          "severity" : "medium",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.apache.commons:commons-compress](https://github.com/apache/commons-compress)
 is an API for working with compression and archive formats. Affected versions 
of this package are vulnerable to Infinite loop due to the improper handling of 
certain inputs during the parsing of dump files. An attacker can cause the 
application to enter an infinite loop by supplying crafted inputs. ## 
Remediation Upgrade `org.apache.commons:commons-compress` to version 1.2 [...]
+      "recommendation" : "Upgrade the package version to 1.26.0 to fix this 
vulnerability",
+      "created" : "2024-02-20T10:52:07Z",
+      "published" : "2024-02-20T10:52:07Z",
+      "updated" : "2024-04-27T13:35:10Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2021-35517"
+      "bom-ref" : "40cee64e-b16b-464a-a368-253adeac0cf7",
+      "id" : "SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:38:00.592205+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/org.apache.commons/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 5.5,
+          "severity" : "medium",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[com.squareup.okhttp3:okhttp](https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp)
 is a HTTP & HTTP/2 client for Android and Java applications Affected versions 
of this package are vulnerable to Information Exposure. When there's an illegal 
character in a header value, an `IllegalArgumentException` is thrown whose 
message includes the full header value. ## PoC ``` package 
com.launchdarkly.eventsource; import okhttp3.*; import org.junit.Test;  [...]
+      "recommendation" : "Upgrade the package version to 4.9.2 to fix this 
vulnerability",
+      "created" : "2022-07-22T06:59:36Z",
+      "published" : "2022-07-22T06:59:36Z",
+      "updated" : "2024-03-11T09:53:38Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     },
     {
-      "vulnerability": {
-        "name": "CVE-2024-35255"
+      "bom-ref" : "85b4750f-b399-4e42-bc2d-abd7be2c4a71",
+      "id" : "SNYK-JAVA-COMSQUAREUPOKIO-5773320",
+      "source" : {
+        "name" : "SNYK"
       },
-      "timestamp": "2024-06-19T09:42:01.034646+02:00",
-      "products": [
+      "ratings" : [
         {
-          "@id": "pkg:maven/com.microsoft.azure/[email protected]?type=jar"
-        },
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+        }
+      ],
+      "description" : "## Overview Affected versions of this package are 
vulnerable to Denial of Service (DoS) due to improper exception handling by the 
`GzipSource` class when parsing a malformed gzip buffer. This vulnerability can 
be exploited on the Okio client when handling a crafted GZIP archive. ## PoC 
```java val gzBuf: Buffer = Buffer() try { val gzByteString: ByteString = 
(\"1f8b41ff424242424343ffff\").decodeHex() gzBuf.write(gzByteString) val gz: 
GzipSource = GzipSource(gzBuf)  [...]
+      "recommendation" : "Upgrade the package version to 1.17.6,3.4.0 to fix 
this vulnerability",
+      "created" : "2023-07-13T08:54:58Z",
+      "published" : "2023-07-13T09:04:26Z",
+      "updated" : "2024-04-08T08:36:20Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
+    },
+    {
+      "bom-ref" : "f7d6d98d-008b-4bf9-8b2c-b0f193b30a39",
+      "id" : "SNYK-JAVA-ORGAPACHEAVRO-5926693",
+      "source" : {
+        "name" : "SNYK"
+      },
+      "ratings" : [
+        {
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.5,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+        }
+      ],
+      "description" : "## Overview 
[org.apache.avro:avro](https://avro.apache.org/) is an Avro core components 
Affected versions of this package are vulnerable to Improper Input Validation 
when deserializing untrusted or corrupted data. An attacker can consume memory 
beyond the allowed constraints, resulting in the system being out of memory. ## 
Remediation Upgrade `org.apache.avro:avro` to version 1.11.3 or higher. ## 
References - [Apache List](https://lists.apache.org/thread/q142wj99cw [...]
+      "recommendation" : "Upgrade the package version to 1.11.3 to fix this 
vulnerability",
+      "created" : "2023-10-01T10:48:46Z",
+      "published" : "2023-10-01T11:21:06Z",
+      "updated" : "2024-03-11T09:54:02Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
+    },
+    {
+      "bom-ref" : "54bb58b0-d5ec-47bf-a2b2-4301f1c1bbf3",
+      "id" : "SNYK-JAVA-ORGAPACHECOMMONS-32473",
+      "source" : {
+        "name" : "SNYK"
+      },
+      "ratings" : [
         {
-          @id: "pkg:maven/com.azure/[email protected]?type=jar"
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 5.5,
+          "severity" : "medium",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
         }
       ],
-      "status": "under_investigation"
+      "description" : "## Overview 
[org.apache.commons:commons-compress](https://github.com/apache/commons-compress)
 is an API for working with compression and archive formats. Affected versions 
of this package are vulnerable to Denial of Service (DoS). When reading a 
specially crafted ZIP archive, the read method might fail to return the correct 
`EOF` indication after the end of the stream has been reached. If it combined 
with a `java.io.InputStreamReader`, it can lead to an infinite st [...]
+      "recommendation" : "Upgrade the package version to 1.18-RC1 to fix this 
vulnerability",
+      "created" : "2018-08-16T14:26:43Z",
+      "published" : "2018-08-19T13:36:14Z",
+      "updated" : "2024-03-11T09:48:50Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
+    },
+    {
+      "bom-ref" : "d8dd9c4f-d279-4c67-996c-10c28a29895f",
+      "id" : "SNYK-JAVA-IONETTY-1042268",
+      "source" : {
+        "name" : "SNYK"
+      },
+      "ratings" : [
+        {
+          "source" : {
+            "name" : "SNYK"
+          },
+          "score" : 7.4,
+          "severity" : "high",
+          "method" : "CVSSv31",
+          "vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+        }
+      ],
+      "cwes" : [
+        295
+      ],
+      "description" : "## Overview 
[io.netty:netty-handler](https://github.com/netty/netty.git/netty-handler) is a 
library that provides an asynchronous event-driven network application 
framework and tools for rapid development of maintainable high performance and 
high scalability protocol servers and clients. In other words, Netty is a NIO 
client server framework which enables quick and easy development of network 
applications such as protocol servers and clients. It greatly simplifies  [...]
+      "created" : "2020-11-20T15:44:58Z",
+      "updated" : "2023-10-11T01:10:45Z",
+      "affects" : [
+        {
+          "ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"
+        }
+      ]
     }
   ]
-}
+}
\ No newline at end of file
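Review bot: None of the added `vulnerabilities` entries carries an `analysis` object, so the file no longer makes any exploitability statement. The removed OpenVEX statements each had `"status": "under_investigation"`; the CycloneDX equivalent would be an `analysis` block with `"state" : "in_triage"` (or the real triage result) on every entry. Without it this is a vulnerability listing rather than a VEX. Two related points in the same hunk: every `affects` entry uses `"ref" : "147d79ce-9c2a-498d-b1cb-11029d7fc641"`, which is the `metadata.component` bom-ref for Camel-Kamelets itself, so the per-dependency `pkg:maven/...` product identifiers from the old file are lost and a consumer cannot match a finding to the affected jar. Also, the ids switch from CVE names to `SNYK-JAVA-...` only; adding a `references` entry with the CVE id where one exists would let consumers keyed on CVE correlate the findings. Minor: two jackson-mapper-asl entries have the recommendation "Upgrade the package version to to fix this vulnerability" with no version filled in, and the file still ends without a trailing newline.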