[ https://issues.apache.org/jira/browse/CASSANDRA-15590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17040247#comment-17040247 ]
David Capwell commented on CASSANDRA-15590: ------------------------------------------- Seems that the [4.4.0|https://github.com/datastax/java-driver/blob/4.4.0/pom.xml#L49] release is impacted but its already been [patched|https://github.com/datastax/java-driver/blob/4.x/pom.xml#L48] > Upgrade io.netty_netty-all dependency to fix security vulnerabilities > --------------------------------------------------------------------- > > Key: CASSANDRA-15590 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15590 > Project: Cassandra > Issue Type: Task > Components: Dependencies > Reporter: Vishwas Vijaya Kumar > Priority: Normal > > Upgrade io.netty_netty-all dependency to fix the following CVEs: > * > [CVE-2019-20444|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444] > * > [CVE-2019-20445|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445] > * > [CVE-2019-16869|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16869] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org