[jira] [Commented] (TEZ-4494) Addressing CVE-2022-41881 - Netty vulnerability

Jira Thu, 04 Jan 2024 07:15:04 -0800


    [ 
https://issues.apache.org/jira/browse/TEZ-4494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803206#comment-17803206
 ]


László Bodor commented on TEZ-4494:
-----------------------------------

merged to master, thanks [~sercan.tekin] for the patch!

> Addressing CVE-2022-41881 - Netty vulnerability
> -----------------------------------------------
>
>                 Key: TEZ-4494
>                 URL: https://issues.apache.org/jira/browse/TEZ-4494
>             Project: Apache Tez
>          Issue Type: Bug
>    Affects Versions: 0.10.2
>            Reporter: Sercan Tekin
>            Assignee: Sercan Tekin
>            Priority: Major
>              Labels: netty, security, vulnerabilities
>             Fix For: 0.10.3
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Current netty version in the project has high score CVE - 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-41881]
> The netty version should be upgraded at least version 4.1.86.Final. The 
> latest version as of now is 4.1.93.Final.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TEZ-4494) Addressing CVE-2022-41881 - Netty vulnerability

Reply via email to