Stefan Miklosovic created CASSJAVA-113:
------------------------------------------
Summary: Update Netty for driver to 4.1.126.Final
Key: CASSJAVA-113
URL: https://issues.apache.org/jira/browse/CASSJAVA-113
Project: Apache Cassandra Java driver
Issue Type: Task
Reporter: Stefan Miklosovic
Assignee: Stefan Miklosovic
There are various CVE scanners which detect that 4.19.0 which uses Netty 4.1.94
contains CVEs. While I do not personally think they are exploitable, the
scanners will trigger alarm and then it is virtually impossible to persuade
people looking at these scanners that it is most probably just fine.
In order to fix this issue, we need to bump Netty version to e.g. 4.1.26. I see
that in the current trunk it is 4.1.119 so it should be pretty smooth bump.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
