Posted to commits@kafka.apache.org by ma...@apache.org on 2021/03/03 04:28:30 UTC

[kafka] branch 2.6 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290

This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch 2.6
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.6 by this push:
     new 04d3bd9  KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290
04d3bd9 is described below

commit 04d3bd9a002b0426daaabb15fcfdc273e4ebab02
Author: Lee Dongjin <do...@apache.org>
AuthorDate: Wed Mar 3 09:45:24 2021 +0530

    KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290
    
    This security vulnerability was found in netty-codec-http, but [caused by netty itself](https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec) and [fixed in 4.1.59.Final](https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2). So, upgrade the netty version from 4.1.51.Final to 4.1.59.Final.
    
    Author: Lee Dongjin <do...@apache.org>
    
    Reviewers: Manikumar Reddy <ma...@gmail.com>
    
    Closes #10235 from dongjinleekr/feature/KAFKA-12389
    
    (cherry picked from commit 4b3e3a9e86a8293282095d15709c1aa56c526ddf)
    Signed-off-by: Manikumar Reddy <ma...@gmail.com>
---
 gradle/dependencies.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index d1b1786..90daf55 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -97,7 +97,7 @@ versions += [
   mavenArtifact: "3.6.3",
   metrics: "2.2.0",
   mockito: "3.3.3",
-  netty: "4.1.50.Final",
+  netty: "4.1.59.Final",
   owaspDepCheckPlugin: "5.3.2.1",
   powermock: "2.0.7",
   reflections: "0.9.12",
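
Review bot: The removed line in the versions map is netty: "4.1.50.Final", but the commit message says the upgrade is from 4.1.51.Final, so the message should be corrected to 4.1.50.Final to match what this branch actually carried. The subject also names netty-codec while the changed key is the shared netty entry, so it is worth stating in the message that every artifact resolved through this key moves to 4.1.59.Final. Since owaspDepCheckPlugin is already listed in the same map, confirming that its report no longer flags CVE-2021-21290 on this branch would make the fix verifiable.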