Uploaded image for project: 'Apache Storm'
  1. Apache Storm
  2. STORM-2918

Upgrade Netty version

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 2.0.0, 1.1.1, 1.2.0, 1.0.5
    • 2.0.0, 1.2.0, 1.1.2, 1.0.6
    • storm-core
    • rev: f37a6bd99d10f65a43becadcd7f7615715e5dc0b
      jdk: 1.8.0_162
      mvn: 3.5.2

    Description

      netty 3.9.0 has been out since June 2014, netty 3.9.9 has been released in July 2015. On top of it, there are two known CVEs for netty below 3.9.2
      CVE-20140193 https://www.us-cert.gov/ncas/bulletins/SB14-132
      CVE-20143488 https://www.cvedetails.com/cve/CVE-2014-3488/

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #2541

          Activity

            People

              dbist13 Artem Ervits
              dbist13 Artem Ervits
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m