[ https://issues.apache.org/jira/browse/SPARK-30308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ankit Raj Boudh updated SPARK-30308: ------------------------------------ Comment: was deleted (was: [~vishwaskumar], 4.1.43.Final version we need to update ?) > Update Netty and Netty-all to address CVE-2019-16869 > ---------------------------------------------------- > > Key: SPARK-30308 > URL: https://issues.apache.org/jira/browse/SPARK-30308 > Project: Spark > Issue Type: Dependency upgrade > Components: Security > Affects Versions: 2.4.4 > Reporter: Vishwas > Priority: Minor > Labels: security > Fix For: 2.4.4 > > > As per [CVE-2019-16869|http://www.cvedetails.com/cve/CVE-2019-16869/], netty > mishandled whitespace before the colon in HTTP headers (such as a > "Transfer-Encoding : chunked" line), which lead to HTTP request smuggling. > This issue has been resolved in version 4.1.42.Final for both netty and > netty-all packages. > > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org