You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@bookkeeper.apache.org by "lhotari (via GitHub)" <gi...@apache.org> on 2023/06/22 12:05:55 UTC

[GitHub] [bookkeeper] lhotari opened a new pull request, #3999: Upgrade Netty to 4.1.94.Final to address CVE-2023-34462

lhotari opened a new pull request, #3999:
URL: https://github.com/apache/bookkeeper/pull/3999

   ### Motivation
   
   OWASP dependency check fails because of CVE-2023-34462
   ```
   Error:  netty-handler-4.1.93.Final.jar: CVE-2023-34462(8.8)
   ```
   
   ### Changes
   
   Upgrade Netty to 4.1.94.Final
   Release notes: https://netty.io/news/2023/06/19/4-1-94-Final.html


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] hangc0276 commented on pull request #3999: Upgrade Netty to 4.1.94.Final to address CVE-2023-34462

Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.

hangc0276 commented on PR #3999:
URL: https://github.com/apache/bookkeeper/pull/3999#issuecomment-1603458802

   https://github.com/apache/bookkeeper/pull/3996
   We already has one PR to upgrade the Netty version


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] Shoothzj merged pull request #3999: Upgrade Netty to 4.1.94.Final to address CVE-2023-34462

Posted by "Shoothzj (via GitHub)" <gi...@apache.org>.

Shoothzj merged PR #3999:
URL: https://github.com/apache/bookkeeper/pull/3999


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [PR] Upgrade Netty to 4.1.94.Final to address CVE-2023-34462 [bookkeeper]

Posted by "zymap (via GitHub)" <gi...@apache.org>.

zymap commented on PR #3999:
URL: https://github.com/apache/bookkeeper/pull/3999#issuecomment-1844203008

   Too many conflicts to cherry-pick to 4.15.5. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org