[ https://issues.apache.org/jira/browse/HADOOP-18079?focusedWorklogId=796131&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-796131 ]
ASF GitHub Bot logged work on HADOOP-18079: ------------------------------------------- Author: ASF GitHub Bot Created on: 28/Jul/22 16:29 Start Date: 28/Jul/22 16:29 Worklog Time Spent: 10m Work Description: jasonwzs commented on PR #4593: URL: https://github.com/apache/hadoop/pull/4593#issuecomment-1198375723 @jojochuang , is there a special reason why we need add other netty artifacts dependency versions declaration in this PR, e.g. netty-handler-proxy? I don't see where those lib dependencies except netty-all are explicitly added in hadoop project. Is it ok to add have netty-all dependency only without adding those additional netty-* lib dependencies declaration? Issue Time Tracking ------------------- Worklog Id: (was: 796131) Time Spent: 5.5h (was: 5h 20m) > Upgrade Netty to 4.1.77.Final > ----------------------------- > > Key: HADOOP-18079 > URL: https://issues.apache.org/jira/browse/HADOOP-18079 > Project: Hadoop Common > Issue Type: Bug > Components: build > Affects Versions: 3.3.3 > Reporter: Renukaprasad C > Assignee: Wei-Chiu Chuang > Priority: Major > Labels: pull-request-available > Fix For: 3.4.0, 3.3.4, 3.2.5 > > Time Spent: 5.5h > Remaining Estimate: 0h > > h4. Netty version - 4.1.71 has fix some CVEs. > CVE-2019-20444, > CVE-2019-20445 > CVE-2022-24823 > Upgrade to latest version. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org