[ZOOKEEPER-4272] Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.6.2
Fix Version/s: 3.5.10, 3.6.3, 3.8.0, 3.7.1
Component/s: security
Labels:
- pull-request-available

Description

Our security tool raised the following security flaw on zookeeper 3.6.2: https://nvd.nist.gov/vuln/detail/CVE-2021-21295

It is a vulnerability related to jar netty-codec-4.1.50.Final.jar.

Based on netty issue tracker, the vulnerability is fixed in 4.1.60.Final: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #1669

Delete this link

GitHub Pull Request #1670

Delete this link

GitHub Pull Request #1671

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Ayush Mantri

Reporter:: Dominique Mongelli

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 30/Mar/21 14:53

Updated:: 18/May/22 13:11

Resolved:: 31/Mar/21 15:48

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295

Details

Description

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment