You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Julian Reschke (Jira)" <ji...@apache.org> on 2023/01/20 15:03:00 UTC
[jira] [Commented] (OAK-10076) Bump netty dependency from 4.1.68.Final to 4.1.86.Final
[ https://issues.apache.org/jira/browse/OAK-10076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17679186#comment-17679186 ]
Julian Reschke commented on OAK-10076:
--------------------------------------
Why not 4.1.87?
> Bump netty dependency from 4.1.68.Final to 4.1.86.Final
> -------------------------------------------------------
>
> Key: OAK-10076
> URL: https://issues.apache.org/jira/browse/OAK-10076
> Project: Jackrabbit Oak
> Issue Type: Task
> Components: segment-tar
> Affects Versions: 1.46.0, 1.22.14
> Reporter: Andrei Dulceanu
> Assignee: Andrei Dulceanu
> Priority: Major
> Labels: cold-standby, vulnerability
> Fix For: 1.48.0, 1.22.15
>
>
> *Vulnerabilities*
> CVE-2022-41881
> A StackOverflowError can be raised when parsing a malformed crafted message due to an
> infinite recursion.
> [https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v|https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)