[ZOOKEEPER-4462] Upgrade Netty TCNative to 2.0.48 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.8.0, 3.7.1, 3.6.4
Component/s: None
Labels:
- pull-request-available

Description

The OWASP checker fails m we should upgrade to the latest version

https://ci-hadoop.apache.org/blue/organizations/jenkins/zookeeper-multi-branch-owasp/detail/master/162/pipeline#step-35-log-562

[2022-01-28T09:07:39.858Z] One or more dependencies were identified with known vulnerabilities in Apache ZooKeeper - Server: 


[2022-01-28T09:07:39.859Z] netty-tcnative-classes-2.0.46.Final.jar (pkg:maven/io.netty/netty-tcnative-classes@2.0.46.Final, cpe:2.3:a:netty:netty:2.0.46:*:*:*:*:*:*:*) : CVE-2014-3488, CVE-2015-2156, CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137, CVE-2021-43797

https://ci-hadoop.apache.org/blue/organizations/jenkins/zookeeper-multi-branch-owasp/detail/master/162/pipeline#step-35-log-565[2022-01-28T09:07:39.859Z]

Attachments

Issue Links

is fixed by

ZOOKEEPER-4531 Revert Netty TCNative change

Closed

is related to

ZOOKEEPER-4469 Suppress OWASP false positives related to Netty TCNative

Closed

links to

GitHub Pull Request #1810

Activity

People

Assignee:: Enrico Olivelli

Reporter:: Enrico Olivelli

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 30/Jan/22 12:44

Updated:: 09/Oct/23 11:20

Resolved:: 31/Jan/22 16:23

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

50m