[HADOOP-18933] upgrade netty to 4.1.100 due to CVE - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0, 3.3.6
Fix Version/s: 3.4.0
Component/s: build
Labels:
- pull-request-available

Target Version/s:

3.4.0
Hadoop Flags:

Reviewed

Description

follow up to https://issues.apache.org/jira/browse/HADOOP-18783

https://netty.io/news/2023/10/10/4-1-100-Final.html

security advisory https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p

"HTTP/2 Rapid Reset Attack - DDoS vector in the HTTP/2 protocol due RST framesHTTP/2 Rapid Reset Attack - DDoS vector in the HTTP/2 protocol due RST frames

Attachments

Issue Links

links to

GitHub Pull Request #6173

GitHub Pull Request #6224

https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p

Activity

People

Assignee:: PJ Fanning

Reporter:: PJ Fanning

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Oct/23 19:26

Updated:: 27/Jan/24 06:47

Resolved:: 25/Oct/23 13:07