You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@storm.apache.org by "Jungtaek Lim (JIRA)" <ji...@apache.org> on 2018/02/01 04:32:00 UTC
[jira] [Updated] (STORM-2918) Upgrade Netty version
[ https://issues.apache.org/jira/browse/STORM-2918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jungtaek Lim updated STORM-2918:
--------------------------------
Fix Version/s: (was: 1.0.6)
(was: 1.1.2)
(was: 1.2.0)
(was: 2.0.0)
> Upgrade Netty version
> ---------------------
>
> Key: STORM-2918
> URL: https://issues.apache.org/jira/browse/STORM-2918
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Affects Versions: 2.0.0, 1.1.1, 1.2.0, 1.0.5
> Environment: rev: f37a6bd99d10f65a43becadcd7f7615715e5dc0b
> jdk: 1.8.0_162
> mvn: 3.5.2
> Reporter: Artem Ervits
> Assignee: Artem Ervits
> Priority: Blocker
> Labels: newbie, pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> netty 3.9.0 has been out since June 2014, netty 3.9.9 has been released in July 2015. On top of it, there are two known CVEs for netty below 3.9.2
> CVE-20140193 [https://www.us-cert.gov/ncas/bulletins/SB14-132]
> CVE-20143488 [https://www.cvedetails.com/cve/CVE-2014-3488/]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)