[
https://issues.apache.org/jira/browse/KUDU-3581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17850053#comment-17850053
]
Alexey Serbin commented on KUDU-3581:
-------------------------------------
Thank you for the report.
IIUC, Kudu isn't affected by
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
since it doesn't use Netty for any of its server-side functionality. The
server-side Kudu is C++ only, no Java involved.
The Netty component in the Java client should be upgraded eventually, at least
to please various security scanners.
> Netty CVE Rapid Reset
> ---------------------
>
> Key: KUDU-3581
> URL: https://issues.apache.org/jira/browse/KUDU-3581
> Project: Kudu
> Issue Type: Task
> Reporter: Colm O hEigeartaigh
> Priority: Minor
>
> The version of Netty in Kudu 1.17.0 (4.1.94.Final -
> https://github.com/apache/kudu/blob/6d6364d19d287d8effb604b6ab11dfdff5db794e/java/gradle/dependencies.gradle#L52)
> is vulnerable to a security issue:
> https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
> Please upgrade to at least 4.1.100.Final
--
This message was sent by Atlassian Jira
(v8.20.10#820010)