Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2022/06/10 16:11:55 UTC

[GitHub] [ozone] smengcl opened a new pull request, #3505: HDDS-6871. Bump netty-bom to 4.1.77 due to CVE-2022-24823

smengcl opened a new pull request, #3505:
URL: https://github.com/apache/ozone/pull/3505

   ## What changes were proposed in this pull request?
   
   [CVE-2022-24823](https://nvd.nist.gov/vuln/detail/CVE-2022-24823)
   
   Latest version as of now is 4.1.77: https://mvnrepository.com/artifact/io.netty/netty-bom
   
   ## What is the link to the Apache JIRA
   
   https://issues.apache.org/jira/browse/HDDS-6871
   
   ## How was this patch tested?
   
   - Existing tests should pass


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org


[GitHub] [ozone] adoroszlai commented on pull request #3505: HDDS-6871. Bump netty to 4.1.79

Posted by GitBox <gi...@apache.org>.
adoroszlai commented on PR #3505:
URL: https://github.com/apache/ozone/pull/3505#issuecomment-1193142438

   Thanks @smengcl for the patch, @swagle for review.




[GitHub] [ozone] adoroszlai merged pull request #3505: HDDS-6871. Bump netty to 4.1.79

Posted by GitBox <gi...@apache.org>.
adoroszlai merged PR #3505:
URL: https://github.com/apache/ozone/pull/3505




[GitHub] [ozone] smengcl commented on pull request #3505: HDDS-6871. Bump netty to 4.1.77 due to CVE-2022-24823

Posted by GitBox <gi...@apache.org>.
smengcl commented on PR #3505:
URL: https://github.com/apache/ozone/pull/3505#issuecomment-1153310765

   > Thanks @smengcl for the patch. Looks like dependencies have changed, `jar-report.txt` needs to be updated. (I think license needs no change, since these are just new jars from existing dependency.)
   > 
   > https://github.com/apache/ozone/runs/6834514417#step:5:27
   > 
   > Also, I guess HA and secure acceptance test timeouts could be related. (We usually need same version of Netty directly and via Ratis Thirdparty.)
   
   jar-report.txt is updated now. Thanks for catching this.
   
   Does that mean we need a new patch release of ratis-thirdparty just for this? Or we could use a SNAPSHOT jar for now?




[GitHub] [ozone] adoroszlai commented on pull request #3505: HDDS-6871. Bump netty to 4.1.77 due to CVE-2022-24823

Posted by GitBox <gi...@apache.org>.
adoroszlai commented on PR #3505:
URL: https://github.com/apache/ozone/pull/3505#issuecomment-1154410807

   > jar-report.txt is updated now. Thanks for catching this.
   
   Caught by the check, not me. :)
   
   > Does that mean we need a new patch release of ratis-thirdparty just for this?
   
   Yes, I think so.  (Unless we can figure out how to make these versions independent.  But even then, if the CVE is important, we need to update the version we use for Ratis communication.)

