Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/03/31 08:05:09 UTC

[GitHub] [kafka] dongjinleekr opened a new pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295

dongjinleekr opened a new pull request #10448:
URL: https://github.com/apache/kafka/pull/10448


   [This security vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2021-21295) was found in netty-codec-http2, but is caused by netty itself and was [fixed in 4.1.60.Final](https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj). So, upgrade the netty version from 4.1.59.Final to 4.1.62.Final.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [kafka] ijuma commented on pull request #10448: KAFKA-12583: Upgrade netty to 4.1.62.Final

Posted by GitBox <gi...@apache.org>.
ijuma commented on pull request #10448:
URL: https://github.com/apache/kafka/pull/10448#issuecomment-811902202


   I cherry-picked to 2.8 as well.





[GitHub] [kafka] ijuma merged pull request #10448: KAFKA-12583: Upgrade netty to 4.1.62.Final

Posted by GitBox <gi...@apache.org>.
ijuma merged pull request #10448:
URL: https://github.com/apache/kafka/pull/10448


   





[GitHub] [kafka] ijuma commented on pull request #10448: KAFKA-12583: Upgrade netty to 4.1.62.Final

Posted by GitBox <gi...@apache.org>.
ijuma commented on pull request #10448:
URL: https://github.com/apache/kafka/pull/10448#issuecomment-811169061


   This doesn't affect our project since we don't use http2; still good to merge the upgrade.





[GitHub] [kafka] dongjinleekr commented on pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295

Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on pull request #10448:
URL: https://github.com/apache/kafka/pull/10448#issuecomment-810867628


   @omkreddy @tombentley Please have a look.
   
   @vvcephei @mimaison It should be included in 2.8.0 and 2.7.1, shouldn't it?

