[HADOOP-18578] Bump netty to the latest 4.1.86 - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: 3.4.0, 3.2.4, 3.3.4
Fix Version/s: None
Component/s: build
Labels:
- pull-request-available
- transitive-cve

Description

Netty 4.1.86 fixes the following vulnerabilities.

HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
HTTP Response splitting from assigning header value iterator (CVE-2022-41915)

For more details: https://netty.io/news/2022/12/12/4-1-86-Final.html

Attachments

Issue Links

Add Link

duplicates

HADOOP-18646 Upgrade Netty to 4.1.89.Final

Resolved

Delete this link

links to

GitHub Pull Request #5229

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned

Reporter:: Donghyun Kim

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Dec/22 07:19

Updated:: 12/Jun/23 21:56

Resolved:: 17/Mar/23 13:19

Agile

View on Board

Bump netty to the latest 4.1.86