Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4272

Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

      Description

      Our security tool raised the following security flaw on zookeeper 3.6.2: https://nvd.nist.gov/vuln/detail/CVE-2021-21295

      It is a vulnerability related to jar netty-codec-4.1.50.Final.jar.

      Based on netty issue tracker, the vulnerability is fixed in 4.1.60.Final: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj

        Attachments

          Activity

            People

            • Assignee:
              ayushmantri Ayush Mantri
              Reporter:
              dominique Dominique Mongelli

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1.5h
                1.5h

                  Issue deployment