You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Donghyun Kim (Jira)" <ji...@apache.org> on 2022/12/16 07:20:00 UTC

[jira] [Created] (HADOOP-18578) Bump netty to the latest 4.1.86

Donghyun Kim created HADOOP-18578:
-------------------------------------

             Summary: Bump netty to the latest 4.1.86
                 Key: HADOOP-18578
                 URL: https://issues.apache.org/jira/browse/HADOOP-18578
             Project: Hadoop Common
          Issue Type: Task
            Reporter: Donghyun Kim
             Fix For: 3.4.0, 3.3.5, 3.2.5


Netty 4.1.86 fixes the following vulnerabilities.
 * HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
 * HTTP Response splitting from assigning header value iterator (CVE-2022-41915)

For more details: https://netty.io/news/2022/12/12/4-1-86-Final.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org