You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Andrei Dulceanu (Jira)" <ji...@apache.org> on 2023/01/20 12:02:00 UTC

[jira] [Created] (OAK-10076) Bump netty dependency from 4.1.68.Final to 4.1.86.Final

Andrei Dulceanu created OAK-10076:
-------------------------------------

             Summary: Bump netty dependency from 4.1.68.Final to 4.1.86.Final
                 Key: OAK-10076
                 URL: https://issues.apache.org/jira/browse/OAK-10076
             Project: Jackrabbit Oak
          Issue Type: Task
          Components: segment-tar
    Affects Versions: 1.22.14, 1.46.0
            Reporter: Andrei Dulceanu
            Assignee: Andrei Dulceanu
             Fix For: 1.48.0, 1.22.15


*Vulnerabilities*

CVE-2022-41881

A StackOverflowError can be raised when parsing a malformed crafted message due to an
infinite recursion.

[https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v|https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)