[ZOOKEEPER-4529] Upgrade netty to 4.1.76.Final - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.7.1, 3.6.4, 3.9.0, 3.8.1
Component/s: None
Labels:
- pull-request-available

Description

To resolve the CVEs generated due to netty-tcnative-classes:jar:2.0.46.Final we should upgrade netty version.

the following CVEs are coming due to dependency of io.netty:netty-codec:jar:4.1.73.Final on io.netty:netty-tcnative-classes:jar:2.0.46.Final.

CVE-2014-3488, CVE-2015-2156, CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137, CVE-2021-43797

Attachments

Issue Links

links to

GitHub Pull Request #1867

GitHub Pull Request #1869

Activity

People

Assignee:: Ananya Singh

Reporter:: Ananya Singh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Apr/22 11:37

Updated:: 03/Oct/23 13:44

Resolved:: 05/May/22 19:03

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: