You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "Jungtaek Lim (JIRA)" <ji...@apache.org> on 2018/02/01 04:32:00 UTC

[jira] [Updated] (STORM-2918) Upgrade Netty version

     [ https://issues.apache.org/jira/browse/STORM-2918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jungtaek Lim updated STORM-2918:
--------------------------------
    Fix Version/s:     (was: 1.0.6)
                       (was: 1.1.2)
                       (was: 1.2.0)
                       (was: 2.0.0)

> Upgrade Netty version
> ---------------------
>
>                 Key: STORM-2918
>                 URL: https://issues.apache.org/jira/browse/STORM-2918
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-core
>    Affects Versions: 2.0.0, 1.1.1, 1.2.0, 1.0.5
>         Environment: rev: f37a6bd99d10f65a43becadcd7f7615715e5dc0b
> jdk: 1.8.0_162
> mvn: 3.5.2
>            Reporter: Artem Ervits
>            Assignee: Artem Ervits
>            Priority: Blocker
>              Labels: newbie, pull-request-available
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> netty 3.9.0 has been out since June 2014, netty 3.9.9 has been released in July 2015. On top of it, there are two known CVEs for netty below 3.9.2
> CVE-20140193 [https://www.us-cert.gov/ncas/bulletins/SB14-132]
> CVE-20143488 [https://www.cvedetails.com/cve/CVE-2014-3488/]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)