[ZOOKEEPER-4404] Upgrade Netty to 4.1.68 for CVE fixes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 3.7.0
Fix Version/s: None
Component/s: security
Labels:
None

Description

netty has reported a couple of CVEs regarding the usage of Bzip2Decoder and SnappyFrameDecoder.

Reference :

CVE-2021-37136 - https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv

CVE-2021-37137 - https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363

Can we upgrade Netty to version 4.1.68.Final to fix this ?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dominique Mongelli

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28/Oct/21 09:01

Updated:: 28/Mar/22 07:31