Jota Martos created SPARK-53567:
-----------------------------------
Summary: Upgrade Netty to 4.1.125.Final
Key: SPARK-53567
URL: https://issues.apache.org/jira/browse/SPARK-53567
Project: Spark
Issue Type: Sub-task
Components: Build
Affects Versions: 3.5.6, 4.0.0
Reporter: Jota Martos
Assignee: Bjørn Jørgensen
Fix For: 4.1.0
Upgrade Netty to 4.1.124.Final in order to fix CVE-2025-55163.
Netty is an asynchronous, event-driven network application framework. Prior to
versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset
DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses
malformed HTTP/2 control frames in order to break the max concurrent streams
limit - which results in resource exhaustion and distributed denial of service.
This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
