[jira] [Resolved] (ZOOKEEPER-4755) Handle Netty CVE-2023-4586

Damien Diederen (Jira) Tue, 03 Oct 2023 11:07:54 -0700


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Damien Diederen resolved ZOOKEEPER-4755.
----------------------------------------
    Fix Version/s: 3.7.2
                   3.9.1
                   3.8.3
       Resolution: Fixed

Issue resolved by pull request 2075
[https://github.com/apache/zookeeper/pull/2075]

> Handle Netty CVE-2023-4586
> --------------------------
>
>                 Key: ZOOKEEPER-4755
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4755
>             Project: ZooKeeper
>          Issue Type: Task
>            Reporter: Damien Diederen
>            Assignee: Damien Diederen
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.7.2, 3.9.1, 3.8.3
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The {{dependency-check:check}}... check currently fails with the following:
> {noformat}
> [ERROR] netty-handler-4.1.94.Final.jar: CVE-2023-4586(6.5)
> {noformat}
> According to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4586 , 
> CVE-2023-4586 is reserved.  No fix or additional information is available as 
> of the creation of this ticket.
> We have to:
> # Temporarily suppress the check;
> # Monitor CVE-2023-4586 and apply the remediation as soon as it becomes 
> available.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (ZOOKEEPER-4755) Handle Netty CVE-2023-4586

Reply via email to