Kafka / KAFKA-13294

Upgrade Netty to 4.1.68 for CVE fixes

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.8.0
    • Fix Version/s: 3.1.0
    • Component/s: core
    • Labels: None

    Description

      Netty has reported a couple of CVEs regarding the usage of Bzip2Decoder and SnappyFrameDecoder.

      References:

      CVE-2021-37136 - https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv

      CVE-2021-37137 - https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363

      Can we upgrade Netty to version 4.1.68.Final to fix this?

            People

              Assignee: dongjin Dongjin Lee
              Reporter: 51n15t9r Utkarsh Khare