[OAK-10076] Bump netty dependency from 4.1.68.Final to 4.1.86.Final - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.46.0, 1.22.14
Fix Version/s: 1.48.0, 1.22.15
Component/s: segment-tar
Labels:
- cold-standby
- vulnerability

Description

Vulnerabilities

CVE-2022-41881

A StackOverflowError can be raised when parsing a malformed crafted message due to an
infinite recursion.

https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v

Attachments

Issue Links

causes

OAK-10465 Embed netty-transport-native-unix-common dependency in oak-segment-tar

Closed

links to

GitHub Pull Request #827

GitHub Pull Request #830

Activity

People

Assignee:: Andrei Dulceanu

Reporter:: Andrei Dulceanu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Jan/23 12:01

Updated:: 04/Oct/23 09:18

Resolved:: 23/Jan/23 12:26