You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Julian Reschke (Jira)" <ji...@apache.org> on 2023/01/20 15:03:00 UTC

[jira] [Commented] (OAK-10076) Bump netty dependency from 4.1.68.Final to 4.1.86.Final

    [ https://issues.apache.org/jira/browse/OAK-10076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17679186#comment-17679186 ] 

Julian Reschke commented on OAK-10076:
--------------------------------------

Why not 4.1.87?

> Bump netty dependency from 4.1.68.Final to 4.1.86.Final
> -------------------------------------------------------
>
>                 Key: OAK-10076
>                 URL: https://issues.apache.org/jira/browse/OAK-10076
>             Project: Jackrabbit Oak
>          Issue Type: Task
>          Components: segment-tar
>    Affects Versions: 1.46.0, 1.22.14
>            Reporter: Andrei Dulceanu
>            Assignee: Andrei Dulceanu
>            Priority: Major
>              Labels: cold-standby, vulnerability
>             Fix For: 1.48.0, 1.22.15
>
>
> *Vulnerabilities*
> CVE-2022-41881
> A StackOverflowError can be raised when parsing a malformed crafted message due to an
> infinite recursion.
> [https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v|https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)