[jira] [Commented] (ZOOKEEPER-4649) Upgrade netty to 4.1.86 because of CVE-2022-41915

Aayush Atharva (Jira) Tue, 13 Dec 2022 10:01:07 -0800


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17646761#comment-17646761
 ]


Aayush Atharva commented on ZOOKEEPER-4649:
-------------------------------------------

ZooKeeper does not use the Netty HTTP module. So we're not vulnerable to it.

> Upgrade netty to 4.1.86 because of CVE-2022-41915
> -------------------------------------------------
>
>                 Key: ZOOKEEPER-4649
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4649
>             Project: ZooKeeper
>          Issue Type: Task
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>
> Yesterday a new netty version was released fixing [CVE-2022-41915| 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-41915].] We need to upgrade the 
> netty version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (ZOOKEEPER-4649) Upgrade netty to 4.1.86 because of CVE-2022-41915

Reply via email to