[ https://issues.apache.org/jira/browse/ZOOKEEPER-4529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mohammad Arshad resolved ZOOKEEPER-4529. ---------------------------------------- Fix Version/s: 3.7.1 3.6.4 3.9.0 3.8.1 Resolution: Fixed > Upgrade netty to 4.1.76.Final > ----------------------------- > > Key: ZOOKEEPER-4529 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4529 > Project: ZooKeeper > Issue Type: Improvement > Reporter: Ananya Singh > Assignee: Ananya Singh > Priority: Major > Labels: pull-request-available > Fix For: 3.7.1, 3.6.4, 3.9.0, 3.8.1 > > Time Spent: 2h 20m > Remaining Estimate: 0h > > To resolve the CVEs generated due to netty-tcnative-classes:jar:2.0.46.Final > we should upgrade netty version. > the following CVEs are coming due to dependency of > io.netty:netty-codec:jar:4.1.73.Final on > io.netty:netty-tcnative-classes:jar:2.0.46.Final. > > CVE-2014-3488, CVE-2015-2156, CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, > CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, > CVE-2021-37137, CVE-2021-43797 -- This message was sent by Atlassian Jira (v8.20.7#820007)