[ZOOKEEPER-4242] Upgrade Netty library to > 4.1.59 due to security vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.6.1, 3.5.8, 3.6.2
Fix Version/s: None
Component/s: security
Labels:
None

Description

The latest version of Zookeeper (3.6.2) uses Netty 4.1.50.Final, which contains a security vulnerability CVE-2021-21290 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21290). This was fixed in Netty 4.1.59 and the latest is 4.1.60. Zookeeper needs to be updated to use the newest Netty version to eliminate this security vulnerability.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Boojapho

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Mar/21 19:15

Updated:: 02/Apr/21 13:39