[jira] [Commented] (FLUME-3386) flume-ng-sdk uses vulnerable version of netty

Ralph Goers (Jira) Tue, 01 Feb 2022 06:05:09 -0800


    [ 
https://issues.apache.org/jira/browse/FLUME-3386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17485266#comment-17485266
 ]


Ralph Goers commented on FLUME-3386:
------------------------------------

The work to upgrade Netty has already been completed. I am in the process of 
upgrading many of Flume’s dependencies to produce a release.

> flume-ng-sdk uses vulnerable version of netty
> ---------------------------------------------
>
>                 Key: FLUME-3386
>                 URL: https://issues.apache.org/jira/browse/FLUME-3386
>             Project: Flume
>          Issue Type: Dependency upgrade
>    Affects Versions: 1.9.0
>            Reporter: Lily Warner
>            Priority: Major
>
> Vulnerabilities:
>  * [https://nvd.nist.gov/vuln/detail/CVE-2019-16869]
>  * [https://nvd.nist.gov/vuln/detail/CVE-2019-20444]
>  * [https://nvd.nist.gov/vuln/detail/CVE-2019-20445]
>  * sonatype-2020-0103
>  * sonatype-2020-0029
> Version to migrate to: 4.1.59 or above



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (FLUME-3386) flume-ng-sdk uses vulnerable version of netty

Reply via email to