Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/12/15 08:12:33 UTC

[GitHub] [pulsar] nicoloboschi opened a new pull request #13328: [security] Upgrade Netty to 4.1.72 - CVE-2021-43797

nicoloboschi opened a new pull request #13328:
URL: https://github.com/apache/pulsar/pull/13328


   ### Motivation
   
   Netty versions prior to 4.1.71 are vulnerable to CVE-2021-43797
   https://nvd.nist.gov/vuln/detail/CVE-2021-43797
   
   
   Netty release notes:
   - https://netty.io/news/2021/10/11/4-1-69-Final.html
   - https://netty.io/news/2021/10/11/4-1-70-Final.html
   - https://netty.io/news/2021/12/09/4-1-71-Final.html
   - https://netty.io/news/2021/12/13/4-1-72-Final.html
   
   
   ### Modifications
   - Upgraded Netty libraries to 4.1.72.Final
   - Upgraded netty-tcnative-boringssl-static to 2.0.46.Final which is compatible with Netty 4.1.72.Final
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [pulsar] nicoloboschi commented on pull request #13328: [security] Upgrade Netty to 4.1.72 - CVE-2021-43797

Posted by GitBox <gi...@apache.org>.
nicoloboschi commented on pull request #13328:
URL: https://github.com/apache/pulsar/pull/13328#issuecomment-994771632


   /pulsarbot rerun-failure-checks





[GitHub] [pulsar] lhotari commented on pull request #13328: [security] Upgrade Netty to 4.1.72 - CVE-2021-43797

Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #13328:
URL: https://github.com/apache/pulsar/pull/13328#issuecomment-1019981615


   @merlimat @codelipenghui @rdhabalia This Netty upgrade to 4.1.72.Final brings in a major change in the Netty Recycler. The Netty Recycler was rewritten for Netty 4.1.71.Final in https://github.com/netty/netty/pull/11858 .
   It's possible that the improvements in Netty Recycler fix odd thread-safety issues seen in Pulsar, such as #10433 .





[GitHub] [pulsar] merlimat merged pull request #13328: [security] Upgrade Netty to 4.1.72 - CVE-2021-43797

Posted by GitBox <gi...@apache.org>.
merlimat merged pull request #13328:
URL: https://github.com/apache/pulsar/pull/13328


   





[GitHub] [pulsar] github-actions[bot] commented on pull request #13328: [security] Upgrade Netty to 4.1.72 - CVE-2021-43797

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #13328:
URL: https://github.com/apache/pulsar/pull/13328#issuecomment-994496753


   @nicoloboschi: Thanks for your contribution. For this PR, do we need to update docs?
   (The [PR template contains info about doc](https://github.com/apache/pulsar/blob/master/.github/PULL_REQUEST_TEMPLATE.md#documentation), which helps others know more about the changes. Can you provide doc-related info in this and future PR descriptions? Thanks)





[GitHub] [pulsar] nicoloboschi commented on pull request #13328: [security] Upgrade Netty to 4.1.72 - CVE-2021-43797

Posted by GitBox <gi...@apache.org>.
nicoloboschi commented on pull request #13328:
URL: https://github.com/apache/pulsar/pull/13328#issuecomment-994986755


   /pulsarbot rerun-failure-checks

