[jira] [Resolved] (HBASE-29126) Bump netty4 to 4.1.119.Final

Nihal Jain (Jira) Tue, 18 Mar 2025 22:59:04 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-29126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nihal Jain resolved HBASE-29126.
--------------------------------
    Resolution: Fixed

Pushed to hbase-thirdparty. Thanks [~revathy023] for this contribution.

> Bump netty4 to 4.1.119.Final
> ----------------------------
>
>                 Key: HBASE-29126
>                 URL: https://issues.apache.org/jira/browse/HBASE-29126
>             Project: HBase
>          Issue Type: Task
>          Components: dependencies, thirdparty
>            Reporter: Nihal Jain
>            Assignee: Revathy Mohandas
>            Priority: Major
>              Labels: pull-request-available
>
> netty 
> [4.1.117.Final|https://mvnrepository.com/artifact/io.netty/netty-all/4.1.117.Final]
>  and below has 
> [CVE-2025-24970|https://nvd.nist.gov/vuln/detail/CVE-2025-24970] which is 
> fixed in 
> [4.1.119.Final|https://mvnrepository.com/artifact/io.netty/netty-all/4.1.119.Final]
> Impact: When a special crafted packet is received via SslHandler it doesn't 
> correctly handle validation of such a packet in all cases which can lead to a 
> native crash.
>  
> See advisory:
>  * [https://github.com/advisories/GHSA-4g8c-wm8x-jfhw]
>  * [https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (HBASE-29126) Bump netty4 to 4.1.119.Final

Reply via email to