You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Nikita Pande (Jira)" <ji...@apache.org> on 2024/04/10 02:10:00 UTC

[jira] [Commented] (HBASE-28486) fix CVE-2024-29025 in netty package

    [ https://issues.apache.org/jira/browse/HBASE-28486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17835567#comment-17835567 ] 

Nikita Pande commented on HBASE-28486:
--------------------------------------

[~zhangduo] can this be taken in now? Since https://issues.apache.org/jira/browse/HBASE-28491 is resolved

> fix CVE-2024-29025 in netty package 
> ------------------------------------
>
>                 Key: HBASE-28486
>                 URL: https://issues.apache.org/jira/browse/HBASE-28486
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Nikita Pande
>            Assignee: Nikita Pande
>            Priority: Major
>              Labels: pull-request-available
>
> Following CVEs are observed in io.netty : netty-handler and io.netty : netty-codec-http : 4.1.100.Final
> [CVE-2024-29025|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29025]
> sonatype-2020-0026
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)