Details
Improvement
Status: Resolved
Minor
Resolution: Fixed
1.4.0
Description
As documented in CVE-2016-4970, netty-all < 4.0.37.Final is susceptible to a denial of service attack due to TLS renegotiation. While Apache NiFi does not directly reference OpenSslEngine in the code, usages of io.netty.netty-all should be upgraded.
Current transitive dependencies containing netty-all:
Current (absence of) direct usage of OpenSslEngine:
Targets
    Occurrences of 'netty' in Project with mask '*.java'
Found Occurrences  (29 usages found)
    Unclassified occurrence  (29 usages found)
        nifi-couchbase-processors  (4 usages found)
            org.apache.nifi.processors.couchbase  (4 usages found)
                PutCouchbaseKey.java  (2 usages found)
                    51 import com.couchbase.client.deps.io.netty.buffer.ByteBuf;
                    52 import com.couchbase.client.deps.io.netty.buffer.Unpooled;
                TestGetCouchbaseKey.java  (2 usages found)
                    54 import com.couchbase.client.deps.io.netty.buffer.ByteBuf;
                    55 import com.couchbase.client.deps.io.netty.buffer.Unpooled;
        nifi-grpc-processors  (25 usages found)
            org.apache.nifi.processors.grpc  (25 usages found)
                InvokeGRPC.java  (7 usages found)
                    initializeClient(ProcessContext)  (4 usages found)
                        234 final NettyChannelBuilder nettyChannelBuilder = NettyChannelBuilder.forAddress(host, port)
                        269 nettyChannelBuilder.sslContext(sslContextBuilder.build());
                        272 nettyChannelBuilder.usePlaintext(true);
                        275 final ManagedChannel channel = nettyChannelBuilder.build();
                    62 import io.grpc.netty.GrpcSslContexts;
                    63 import io.grpc.netty.NettyChannelBuilder;
                    64 import io.netty.handler.ssl.SslContextBuilder;
                ListenGRPC.java  (5 usages found)
                    startServer(ProcessContext)  (1 usage found)
                        185 NettyServerBuilder serverBuilder = NettyServerBuilder.forPort(port)
                    65 import io.grpc.netty.GrpcSslContexts;
                    66 import io.grpc.netty.NettyServerBuilder;
                    67 import io.netty.handler.ssl.ClientAuth;
                    68 import io.netty.handler.ssl.SslContextBuilder;
                TestGRPCClient.java  (5 usages found)
                    buildChannel(String, int, Map<String, String>)  (1 usage found)
                        86 NettyChannelBuilder channelBuilder = NettyChannelBuilder.forAddress(host, port)
                    38 import io.grpc.netty.GrpcSslContexts;
                    39 import io.grpc.netty.NettyChannelBuilder;
                    40 import io.netty.handler.ssl.ClientAuth;
                    41 import io.netty.handler.ssl.SslContextBuilder;
                TestGRPCServer.java  (7 usages found)
                    start(int)  (3 usages found)
                        90 final NettyServerBuilder nettyServerBuilder = NettyServerBuilder
                        131 nettyServerBuilder.sslContext(sslContextBuilder.build());
                        134 server = nettyServerBuilder.build().start();
                    35 import io.grpc.netty.GrpcSslContexts;
                    36 import io.grpc.netty.NettyServerBuilder;
                    37 import io.netty.handler.ssl.ClientAuth;
                    38 import io.netty.handler.ssl.SslContextBuilder;
                TestInvokeGRPC.java  (1 usage found)
                    33 import io.netty.handler.ssl.ClientAuth;
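
Added example, not part of the original issue or of NiFi's code: one way to produce the "transitive dependencies containing netty-all" listing is to scan saved `mvn dependency:tree` output and report every io.netty:netty-all below 4.0.37.Final together with the dependency path that pulls it in. The sample tree, the org.example coordinates and the function names are constructed for illustration.

```python
import re

FIXED = (4, 0, 37)  # threshold from the issue: netty-all < 4.0.37.Final
# "[INFO] " + tree prefix made of 3-character groups ("|  ", "+- ", "\- ", "   ")
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+)$")

# Constructed sample: concatenated `mvn dependency:tree` output of three modules.
SAMPLE_TREE = r"""[INFO] org.example:module-a:jar:1.0.0
[INFO] +- org.example:client-a:jar:2.1.0:compile
[INFO] |  \- io.netty:netty-all:jar:4.0.23.Final:compile
[INFO] \- org.example:util:jar:1.1:compile
[INFO] org.example:module-b:jar:1.0.0
[INFO] \- org.example:client-b:jar:3.0.0:compile
[INFO]    \- org.example:transport:jar:3.0.0:compile
[INFO]       \- io.netty:netty-all:jar:4.0.36.Final:test
[INFO] org.example:module-c:jar:1.0.0
[INFO] \- io.netty:netty-all:jar:4.0.37.Final:compile
"""

def version_key(version):
    """Leading numeric components only: '4.0.23.Final' -> (4, 0, 23).
    Qualifiers are ignored, so a pre-release of the fixed version is not flagged."""
    parts = []
    for piece in version.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def find_old_netty(tree_text):
    """Return [(version, 'root > ... > io.netty:netty-all')] for versions below FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # banner, summary or blank line
        fields = m.group(2).split(":")
        if len(fields) < 4:
            continue  # not a Maven coordinate
        depth = len(m.group(1)) // 3
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(":".join(fields[:2]))
        # group:artifact:type[:classifier]:version[:scope]; module roots have no scope
        version = fields[-1] if depth == 0 else fields[-2]
        if fields[:2] == ["io.netty", "netty-all"] and version_key(version) < FIXED:
            findings.append((version, " > ".join(stack)))
    return findings

if __name__ == "__main__":
    for version, path in find_old_netty(SAMPLE_TREE):
        print(f"netty-all {version} via {path}")
```

Shaded copies such as com.couchbase.client.deps.io.netty in the usage listing above are repackaged inside another artifact and do not appear as io.netty:netty-all coordinates, so a coordinate scan like this one will not report them.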