You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Vikash Mishra (Jira)" <ji...@apache.org> on 2023/04/20 07:20:00 UTC

[jira] [Created] (KAFKA-14923) Upgrade io.netty_netty-codec for CVE-2022-41881

Vikash Mishra created KAFKA-14923:
-------------------------------------

             Summary: Upgrade io.netty_netty-codec for CVE-2022-41881
                 Key: KAFKA-14923
                 URL: https://issues.apache.org/jira/browse/KAFKA-14923
             Project: Kafka
          Issue Type: Task
    Affects Versions: 3.3.2, 3.4.0
            Reporter: Vikash Mishra


Currently used io.netty_netty-codec version 4.1.78 has high severity CVE: [NVD - CVE-2022-41881 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2022-41881]

Fix was patched in version 4.1.86.Final. As we have higher stable version 4.1.91.Final available we should upgrade to same to fix mentioned CVE.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)