[ https://issues.apache.org/jira/browse/KUDU-3629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902378#comment-17902378 ]
ASF subversion and git services commented on KUDU-3629:
-------------------------------------------------------
Commit b009144cdb0081788d82517aa1d421c5886fb201 in kudu's branch
refs/heads/master from Alexey Serbin
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=b009144cd ]
[java] update Netty from 4.1.110.Final to 4.1.115.Final

This is to address at least CVE-2024-29025 and CVE-2024-47535
and make security scanners happier. More information on the
vulnerabilities is available at [1], [2]. Please note that
[2] isn't relevant to Kudu Java client since the client doesn't
use HTTP-related functionality in Netty.

This is to address KUDU-3629, at least partially.

[1] https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
[2] https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v

Change-Id: Iabd8fb7d43b9ee03fb681ab3d92f271ef2e490b1
Reviewed-on: http://gerrit.cloudera.org:8080/22136
Reviewed-by: Zoltan Chovan <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
Reviewed-by: Abhishek Chennaka <[email protected]>
> 2 high CVEs in kudu-client
> --------------------------
>
> Key: KUDU-3629
> URL: https://issues.apache.org/jira/browse/KUDU-3629
> Project: Kudu
> Issue Type: Bug
> Components: client
> Affects Versions: 1.17.0
> Reporter: Mateusz Gajewski
> Priority: Major
>
> There are outdated protobuf and netty libraries being shaded in kudu-client
> 1.17.1 which cannot be updated. Using `unshaded` artifact isn't an option as
> it doesn't ship the compiled protobuf classes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)