[
https://issues.apache.org/jira/browse/HADOOP-18079?focusedWorklogId=796131&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-796131
]
ASF GitHub Bot logged work on HADOOP-18079:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 28/Jul/22 16:29
Start Date: 28/Jul/22 16:29
Worklog Time Spent: 10m
Work Description: jasonwzs commented on PR #4593:
URL: https://github.com/apache/hadoop/pull/4593#issuecomment-1198375723
@jojochuang , is there a special reason why we need add other netty
artifacts dependency versions declaration in this PR, e.g. netty-handler-proxy?
I don't see where those lib dependencies except netty-all are explicitly added
in hadoop project. Is it ok to add have netty-all dependency only without
adding those additional netty-* lib dependencies declaration?
Issue Time Tracking
-------------------
Worklog Id: (was: 796131)
Time Spent: 5.5h (was: 5h 20m)
> Upgrade Netty to 4.1.77.Final
> -----------------------------
>
> Key: HADOOP-18079
> URL: https://issues.apache.org/jira/browse/HADOOP-18079
> Project: Hadoop Common
> Issue Type: Bug
> Components: build
> Affects Versions: 3.3.3
> Reporter: Renukaprasad C
> Assignee: Wei-Chiu Chuang
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.4, 3.2.5
>
> Time Spent: 5.5h
> Remaining Estimate: 0h
>
> h4. Netty version - 4.1.71 has fix some CVEs.
> CVE-2019-20444,
> CVE-2019-20445
> CVE-2022-24823
> Upgrade to latest version.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
