[jira] [Commented] (CASSANDRA-17326) Security Bug

Brandon Williams (Jira) Thu, 03 Feb 2022 04:54:08 -0800


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17486447#comment-17486447
 ]


Brandon Williams commented on CASSANDRA-17326:
----------------------------------------------

Our OWASP suppressions are here: 
https://github.com/apache/cassandra/blob/cassandra-3.11/.build/dependency-check-suppressions.xml

> Security Bug
> ------------
>
>                 Key: CASSANDRA-17326
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17326
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Ori Prog
>            Priority: Normal
>
> The Cassandra 3.11.11 uses _netty-all-4.0.44.Final.jar_
> This library has the following CVEs. {*}Part of these CVEs are critical{*}!
> Please upgrade to 4.1.71.Final
> CVE-2019-20445
> CVE-2019-20444
> CVE-2019-16869
> CVE-2020-7238
> CVE-2021-37136
> CVE-2021-37137
> CVE-2021-21409
> CVE-2021-43797
> CVE-2021-21295
> CVE-2021-21290



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Commented] (CASSANDRA-17326) Security Bug

Reply via email to