Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/09/14 06:37:30 UTC

[GitHub] [kafka] dongjinleekr opened a new pull request #11324: KAFKA-13294: Upgrade Netty to 4.1.68 for CVE fixes

dongjinleekr opened a new pull request #11324:
URL: https://github.com/apache/kafka/pull/11324


   `netty-codec` `4.1.62.Final` has the following security vulnerabilities, which in turn affect `netty-transport-native-epoll`, which Apache Kafka depends on.
   
   - [CVE-2021-37136](https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv)
   - [CVE-2021-37137](https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363)
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [kafka] dongjinleekr commented on pull request #11324: KAFKA-13294: Upgrade Netty to 4.1.68 for CVE fixes

Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on pull request #11324:
URL: https://github.com/apache/kafka/pull/11324#issuecomment-919050807


   @kkonstantine Should it be merged into 3.0.0, or only for 2.8.1?





[GitHub] [kafka] ijuma commented on pull request #11324: KAFKA-13294: Upgrade Netty to 4.1.68 for CVE fixes

Posted by GitBox <gi...@apache.org>.
ijuma commented on pull request #11324:
URL: https://github.com/apache/kafka/pull/11324#issuecomment-921762892


   Netty is used by `ZooKeeper` and `epoll` is not configured by default. By the way, security vulnerabilities should generally not be discussed in PRs (https://www.apache.org/security/committers.html)





[GitHub] [kafka] ijuma merged pull request #11324: KAFKA-13294: Upgrade Netty to 4.1.68 for CVE fixes

Posted by GitBox <gi...@apache.org>.
ijuma merged pull request #11324:
URL: https://github.com/apache/kafka/pull/11324


   

