[CASSANDRA-15873] Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.11.x
Component/s: Dependencies
Labels:
None

Complexity:
Low Hanging Fruit
Platform:

All
Impacts:

None
Test and Documentation Plan:

Hide

TBD

Show
TBD

Description

See https://issues.apache.org/jira/browse/CASSANDRA-15868 for the same issue on 4.0 / trunk. Attached is an OWASP dependency report for Netty 4.0.44, which identifies 3 of the same vulnerabilities as above.

Additionally, 4.1.50 contains aarch64 native libraries which can improve performance on ARM processors.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

dependency-check-report.html
12/Jun/20 18:11
469 kB
Matt Davis
unittest_netty.log
09/Jul/20 16:28
208 kB
Matt Davis

Issue Links

duplicates

CASSANDRA-17992 Upgrade Netty on 5.0

Resolved

is related to

CASSANDRA-15868 Update Netty version to 4.1.50 because there are security issues in 4.1.37

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Matt Davis

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 12/Jun/20 18:15

Updated:: 03/Jun/24 22:22

Resolved:: 03/Jun/24 22:22