[ https://issues.apache.org/jira/browse/ARROW-16996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hui Yu updated ARROW-16996: --------------------------- Description: [CVE-2022-24823]([https://github.com/advisories/GHSA-269q-hmxg-m83q]) reports a security vulnerability for *netty-codec* Now the version of *netty-codec* in the master branch of Arrow is {*}4.1.72.Final{*}, that is unsafe. Can you upgrade the version of this depenency ? h4. was: [CVE-2022-24823]([https://github.com/advisories/GHSA-269q-hmxg-m83q]) reports a security vulnerability for *netty-codec* Now the version of *netty-codec* for the master branch of Arrow is {*}4.1.72.Final{*}, that is unsafe. Can you upgrade the version of this depenency ? h4. > [Java] Upgrade netty-codec dependencies > --------------------------------------- > > Key: ARROW-16996 > URL: https://issues.apache.org/jira/browse/ARROW-16996 > Project: Apache Arrow > Issue Type: Bug > Components: Java > Affects Versions: 8.0.0 > Reporter: Hui Yu > Assignee: David Dali Susanibar Arce > Priority: Major > Labels: pull-request-available > Fix For: 9.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > [CVE-2022-24823]([https://github.com/advisories/GHSA-269q-hmxg-m83q]) reports > a security vulnerability for *netty-codec* > Now the version of *netty-codec* in the master branch of Arrow is > {*}4.1.72.Final{*}, that is unsafe. > Can you upgrade the version of this depenency ? > h4. -- This message was sent by Atlassian Jira (v8.20.10#820010)