Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.0.0, 1.1.1, 1.2.0, 1.0.5
    • Fix Version/s: 2.0.0, 1.2.0, 1.1.2, 1.0.6
    • Component/s: storm-core
    • Environment:
      rev: f37a6bd99d10f65a43becadcd7f7615715e5dc0b
      jdk: 1.8.0_162
      mvn: 3.5.2

      Description

      netty 3.9.0 has been out since June 2014, netty 3.9.9 has been released in July 2015. On top of it, there are two known CVEs for netty below 3.9.2
      CVE-20140193 https://www.us-cert.gov/ncas/bulletins/SB14-132
      CVE-20143488 https://www.cvedetails.com/cve/CVE-2014-3488/

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dbist13 Artem Ervits
                Reporter:
                dbist13 Artem Ervits
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m