[HADOOP-17955] Bump netty to the latest 4.1.68 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0, 3.2.3, 3.3.2
Fix Version/s: 3.4.0, 3.2.3, 3.3.2
Component/s: build, common
Labels:
- pull-request-available

Target Version/s:

3.4.0, 3.2.3, 3.3.2
Hadoop Flags:

Reviewed

Description

Netty 4.1.68 fixes the following vulnerabilities.

Bzip2Decoder doesn't allow setting size restrictions for decompressed data (#CVE-2021-37136)
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way (#CVE-2021-37137)

For more details: https://netty.io/news/2021/09/09/4-1-68-Final.html

Attachments

Issue Links

links to

GitHub Pull Request #3528

Activity

People

Assignee:: Takanobu Asanuma

Reporter:: Takanobu Asanuma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Oct/21 10:00

Updated:: 12/Feb/24 07:37

Resolved:: 08/Oct/21 01:51

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

1h