[ZOOKEEPER-3716] upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.6.0, 3.7.0, 3.5.6
Fix Version/s: 3.6.0, 3.5.7
Component/s: security, server
Labels:
- pull-request-available

Description

OWASP dependency-check is failing

upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

[ERROR] netty-transport-4.1.42.Final.jar: CVE-2019-20445, CVE-2019-20444

We need to upgrade to netty 4.1.45 (current latest) or later

Attachments

Issue Links

links to

GitHub Pull Request #1245

GitHub Pull Request #1246

Activity

People

Assignee:: Patrick D. Hunt

Reporter:: Patrick D. Hunt

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/Feb/20 19:05

Updated:: 14/Feb/20 15:23

Resolved:: 04/Feb/20 09:35

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

50m