[ZOOKEEPER-3563] dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.5.5, 3.4.14
Fix Version/s: 3.6.0, 3.5.6
Component/s: security
Labels:
- pull-request-available

Description

The mvn dependency check is failing on 3.4 and 3.5:

3.4:
[ERROR] netty-3.10.6.Final.jar: CVE-2019-16869

3.5:
[ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869

Attachments

Issue Links

links to

GitHub Pull Request #1102

GitHub Pull Request #1103

GitHub Pull Request #1111

Activity

People

Assignee:: Unassigned

Reporter:: Patrick D. Hunt

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Sep/19 18:25

Updated:: 16/Oct/19 18:59

Resolved:: 08/Oct/19 13:17

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

3h