Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4242

Upgrade Netty library to > 4.1.59 due to security vulnerability

Add voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.6.1, 3.5.8, 3.6.2
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      The latest version of Zookeeper (3.6.2) uses Netty 4.1.50.Final, which contains a security vulnerability CVE-2021-21290 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21290).  This was fixed in Netty 4.1.59 and the latest is 4.1.60.  Zookeeper needs to be updated to use the newest Netty version to eliminate this security vulnerability.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              boojapho Boojapho

              Dates

              • Created:
                Updated:

                Issue deployment