Posted to dev@flink.apache.org by "Jens Oberender (JIRA)" <ji...@apache.org> on 2017/11/29 12:38:00 UTC
[jira] [Created] (FLINK-8170) Security Problems with Netty version 4.0.27.Final
Jens Oberender created FLINK-8170:
-------------------------------------
Summary: Security Problems with Netty version 4.0.27.Final
Key: FLINK-8170
URL: https://issues.apache.org/jira/browse/FLINK-8170
Project: Flink
Issue Type: Bug
Components: Core
Reporter: Jens Oberender
I did an OWASP dependency check on my flink project and it reports two problems for netty version 4.0.27.Final:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4970
According to #FLINK-3151 there was a memory problem with newer versions.
I couldn't find a reference to that problem in the netty issues. Perhaps it's already fixed with newer versions (netty 4.0.27 was released in Apr, 2015).
Unfortunately, I'm not familiar enough with flink yet to build a setup to reproduce the memory problem. Can anyone try it with a newer version of netty (4.0.53.Final is the latest of 4.0)?
I came across an article about finding netty memory leaks with ByteBuf, perhaps that can help:
https://logz.io/blog/netty-bytebuf-memory-leak/
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)