[jira] [Commented] (TINKERPOP-2983) Upgrade Netty for Security Reasons

Cole Greer (Jira) Tue, 15 Aug 2023 11:19:04 -0700


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17754732#comment-17754732
 ]


Cole Greer commented on TINKERPOP-2983:
---------------------------------------

Already have a dependabot PR for this upgrade: 
[https://github.com/apache/tinkerpop/pull/2167.] Reminder that Netty upgrades 
typically require an update to NOTICE files as well.

> Upgrade Netty for Security Reasons
> ----------------------------------
>
>                 Key: TINKERPOP-2983
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2983
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: driver, server
>    Affects Versions: 3.7.0
>            Reporter: Luca Garulli
>            Priority: Major
>              Labels: security
>
> Gremlin 3.7.0 (and previous) depends on Netty 4.1.86 that has a severe 
> security issue reported on [https://nvd.nist.gov/vuln/detail/CVE-2023-34462.]
>  
> The latest Netty version right now if 4.1.96.Final.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TINKERPOP-2983) Upgrade Netty for Security Reasons

Reply via email to