[ https://issues.apache.org/jira/browse/KUDU-3629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902407#comment-17902407 ]
ASF subversion and git services commented on KUDU-3629:
-------------------------------------------------------

Commit bf61ef9bf2b95511088d47e31f9a83bb245c6501 in kudu's branch refs/heads/branch-1.18.x from Alexey Serbin
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=bf61ef9bf ]

[java] update Netty from 4.1.110.Final to 4.1.115.Final

This is to address at least CVE-2024-29025 and CVE-2024-47535 and make
security scanners happier. More information on the vulnerabilities
is available at [1], [2]. Please note that [2] isn't relevant to
Kudu Java client since the client doesn't use HTTP-related functionality
in Netty.

This is to address KUDU-3629, at least partially.

[1] https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
[2] https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v

Change-Id: Iabd8fb7d43b9ee03fb681ab3d92f271ef2e490b1
Reviewed-on: http://gerrit.cloudera.org:8080/22136
Reviewed-by: Zoltan Chovan <zcho...@cloudera.com>
Tested-by: Alexey Serbin <ale...@apache.org>
Reviewed-by: Abhishek Chennaka <achenn...@cloudera.com>
(cherry picked from commit b009144cdb0081788d82517aa1d421c5886fb201)
Reviewed-on: http://gerrit.cloudera.org:8080/22149

> 2 high CVEs in kudu-client
> --------------------------
>
> Key: KUDU-3629
> URL: https://issues.apache.org/jira/browse/KUDU-3629
> Project: Kudu
> Issue Type: Bug
> Components: client
> Affects Versions: 1.17.0
> Reporter: Mateusz Gajewski
> Priority: Major
>
> There are outdated protobuf and netty libraries being shaded in kudu-client
> 1.17.1 which cannot be updated. Using `unshaded` artifact isn't an option as
> it doesn't ship the compiled protobuf classes.