You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Donghyun Kim (Jira)" <ji...@apache.org> on 2022/12/16 07:20:00 UTC
[jira] [Created] (HADOOP-18578) Bump netty to the latest 4.1.86
Donghyun Kim created HADOOP-18578:
-------------------------------------
Summary: Bump netty to the latest 4.1.86
Key: HADOOP-18578
URL: https://issues.apache.org/jira/browse/HADOOP-18578
Project: Hadoop Common
Issue Type: Task
Reporter: Donghyun Kim
Fix For: 3.4.0, 3.3.5, 3.2.5
Netty 4.1.86 fixes the following vulnerabilities.
* HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* HTTP Response splitting from assigning header value iterator (CVE-2022-41915)
For more details: https://netty.io/news/2022/12/12/4-1-86-Final.html
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org