[ZOOKEEPER-4755] Handle Netty CVE-2023-4586 - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.7.2, 3.8.3, 3.9.1
Component/s: None
Labels:
- pull-request-available

Description

The dependency-check:check... check currently fails with the following:

[ERROR] netty-handler-4.1.94.Final.jar: CVE-2023-4586(6.5)

According to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586 , CVE-2023-4586 is reserved. No fix or additional information is available as of the creation of this ticket.

We have to:

Temporarily suppress the check;
Monitor CVE-2023-4586 and apply the remediation as soon as it becomes available.

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #2075

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Damien Diederen

Reporter:: Damien Diederen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Oct/23 16:23

Updated:: 11/Oct/23 11:56

Resolved:: 03/Oct/23 18:06

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Handle Netty CVE-2023-4586