You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Andrei Dulceanu (Jira)" <ji...@apache.org> on 2023/01/20 12:02:00 UTC
[jira] [Created] (OAK-10076) Bump netty dependency from 4.1.68.Final to 4.1.86.Final
Andrei Dulceanu created OAK-10076:
-------------------------------------
Summary: Bump netty dependency from 4.1.68.Final to 4.1.86.Final
Key: OAK-10076
URL: https://issues.apache.org/jira/browse/OAK-10076
Project: Jackrabbit Oak
Issue Type: Task
Components: segment-tar
Affects Versions: 1.22.14, 1.46.0
Reporter: Andrei Dulceanu
Assignee: Andrei Dulceanu
Fix For: 1.48.0, 1.22.15
*Vulnerabilities*
CVE-2022-41881
A StackOverflowError can be raised when parsing a malformed crafted message due to an
infinite recursion.
[https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v|https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)