You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Wei-Chiu Chuang (Jira)" <ji...@apache.org> on 2021/03/31 04:26:00 UTC
[jira] [Commented] (HADOOP-17556) Understanding Netty versions and
upgrading them (three findings in Hadoop we could upgrade?)
[ https://issues.apache.org/jira/browse/HADOOP-17556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17312044#comment-17312044 ]
Wei-Chiu Chuang commented on HADOOP-17556:
------------------------------------------
It's not an easy task to migrate from netty3 to netty4 which is why it's not being done yet.
HADOOP-11219. I am starting the effort to get this going.
Not sure about the netty-codec. Hadoop does not depend on this directly.
we should also bump netty4 to the latest version (4.1.60)
> Understanding Netty versions and upgrading them (three findings in Hadoop we could upgrade?)
> --------------------------------------------------------------------------------------------
>
> Key: HADOOP-17556
> URL: https://issues.apache.org/jira/browse/HADOOP-17556
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Adam Roberts
> Priority: Major
>
> Hi everyone, have been raising a few JIRAs recently related to dependencies in Flink and Hadoop, and for Hadoop I have noticed the following versions of Netty in use. I'm wondering if we can work to upgrade these (potentially all to the same version) to remediate any CVEs we have.
>
> Here's what the Twistlock container scan picked up (so, this is Flink with Hadoop 3.3.1 snapshot, which I've scanned), so any thoughts or upgrade ideas would be most welcome.
>
> "version": "3.10.6.Final"
> "name": "io.netty_netty"
> "path": "/opt/flink/lib/flink-shaded-hadoop-3-uber-3.3.1-SNAPSHOT-10.0.jar"
>
> "version": "4.1.50.Final"
> "name": "io.netty_netty-all"
> "path": "/opt/flink/lib/flink-shaded-hadoop-3-uber-3.3.1-SNAPSHOT-10.0.jar"
>
> "version": "4.1.42.Final"
> "name": "io.netty_netty-codec"
> "path": "/opt/flink/lib/flink-shaded-hadoop-3-uber-3.3.1-SNAPSHOT-10.0.jar"
>
> The latest 4.1 Netty I see is
> {{[https://mvnrepository.com/artifact/io.netty/netty-all/4.1.59.Final]}}
>
> which may help with the above findings (assume things are all compatible!), thanks
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org