[
https://issues.apache.org/jira/browse/CASSJAVA-113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abe Ratnofsky updated CASSJAVA-113:
-----------------------------------
Authors: Abe Ratnofsky, Stefan Miklosovic (was: Stefan
Miklosovic)
Fix Version/s: 4.19.3
Source Control Link:
https://github.com/apache/cassandra-java-driver/commit/595cb29912dc8b55663cc13bafe3f17dc4f91ce6
Resolution: Fixed
Status: Resolved (was: Ready to Commit)
> Update Netty for driver to 4.1.129.Final
> ----------------------------------------
>
> Key: CASSJAVA-113
> URL: https://issues.apache.org/jira/browse/CASSJAVA-113
> Project: Apache Cassandra Java driver
> Issue Type: Task
> Components: Core
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 4.19.3
>
> Attachments: cassandra-java-driver-review-pr2068.txt
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> There are various CVE scanners which detect that 4.19.0 which uses Netty
> 4.1.94 contains CVEs. While I do not personally think they are exploitable,
> the scanners will trigger alarm and then it is virtually impossible to
> persuade people looking at these scanners that it is most probably just fine.
> In order to fix this issue, we need to bump Netty version to e.g. 4.1.126. I
> see that in the current trunk it is 4.1.119 so it should be pretty smooth
> bump.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
