[ 
https://issues.apache.org/jira/browse/KAFKA-14923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17714612#comment-17714612
 ] 

Vikash Mishra commented on KAFKA-14923:
---------------------------------------

[~yash.mayya] Awesome, thanks for the details. Not sure if there is a patch 
planned for 3.4.0 but it's good to know that at least 3.5.0 will have fixes.

> Upgrade io.netty_netty-codec for CVE-2022-41881
> -----------------------------------------------
>
>                 Key: KAFKA-14923
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14923
>             Project: Kafka
>          Issue Type: Task
>    Affects Versions: 3.4.0, 3.3.2
>            Reporter: Vikash Mishra
>            Priority: Critical
>
> The currently used io.netty_netty-codec version 4.1.78 has a high-severity CVE: 
> [NVD - CVE-2022-41881 
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2022-41881]
> The fix was patched in version 4.1.86.Final. As we have a higher stable version, 
> 4.1.91.Final, available, we should upgrade to it to fix the mentioned CVE.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
