
Bump netty version to fix CVE-2022-24823

Open lmr3796 opened this issue 2 years ago • 4 comments

According to the page https://nvd.nist.gov/vuln/detail/CVE-2022-24823

The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.

lmr3796 avatar Jun 01 '22 21:06 lmr3796

@arshadmohammad @Shoothzj Wondering if you can take a look at this one. I saw you reviewed this relevant PR: https://github.com/apache/zookeeper/pull/1867

lmr3796 avatar Jun 01 '22 21:06 lmr3796

A similar patch was also included for Cassandra: https://issues.apache.org/jira/browse/CASSANDRA-17633

lmr3796 avatar Jun 01 '22 21:06 lmr3796

Hi @Shoothzj !

Thanks for the review. Wondering if you can grant access to run the CI workflows?

lmr3796 avatar Jun 02 '22 21:06 lmr3796

@lmr3796 Sorry, I am not a ZooKeeper maintainer, but I can help you ping the ones I know. @maoling @eolivelli

shoothzj avatar Jun 02 '22 23:06 shoothzj

Already on Netty 4.1.94

anmolnar avatar Oct 03 '23 13:10 anmolnar