Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.6.3
-
None
-
None
Description
Hello everyone,
I work for a product which uses apache/zookeeper 3.6.3. We scanned our product with a security scanner which reported CVE-2019-17571, CVE-2021-37137, CVE-2021-37136
After analysis we found that this vulnerability is coming from zookeeper 3.6.3 because of direct dependency on netty-buffer-4.1.63.Final.jar
Could you please let us know is there any plan to update netty in coming versions