You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Ankit Raj Boudh (Jira)" <ji...@apache.org> on 2019/12/20 01:10:00 UTC
[jira] [Commented] (SPARK-30308) Update Netty and Netty-all to
address CVE-2019-16869
[ https://issues.apache.org/jira/browse/SPARK-30308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000522#comment-17000522 ]
Ankit Raj Boudh commented on SPARK-30308:
-----------------------------------------
[~vishwaskumar], 4.1.43.Final version we need to update ?
> Update Netty and Netty-all to address CVE-2019-16869
> ----------------------------------------------------
>
> Key: SPARK-30308
> URL: https://issues.apache.org/jira/browse/SPARK-30308
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Security
> Affects Versions: 2.4.4
> Reporter: Vishwas
> Priority: Minor
> Labels: security
>
> As per [CVE-2019-16869|http://www.cvedetails.com/cve/CVE-2019-16869/], netty mishandled whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which lead to HTTP request smuggling.
> This issue has been resolved in version 4.1.42.Final for both netty and netty-all packages.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org