[
https://issues.apache.org/jira/browse/ARROW-16996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hui Yu updated ARROW-16996:
---------------------------
Description:
[CVE-2022-24823]([https://github.com/advisories/GHSA-269q-hmxg-m83q]) reports a
security vulnerability for *netty-codec*
Now the version of *netty-codec* in the master branch is {*}4.1.72.Final{*},
that is unsafe.
Can you upgrade the version of this depenency ?
h4.
was:
[CVE-2022-24823]([https://github.com/advisories/GHSA-269q-hmxg-m83q]) reports a
security vulnerability for *netty-codec*
Now the version of *netty-codec* in the master branch of Arrow is
{*}4.1.72.Final{*}, that is unsafe.
Can you upgrade the version of this depenency ?
h4.
> [Java] Upgrade netty-codec dependencies
> ---------------------------------------
>
> Key: ARROW-16996
> URL: https://issues.apache.org/jira/browse/ARROW-16996
> Project: Apache Arrow
> Issue Type: Bug
> Components: Java
> Affects Versions: 8.0.0
> Reporter: Hui Yu
> Assignee: David Dali Susanibar Arce
> Priority: Major
> Labels: pull-request-available
> Fix For: 9.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> [CVE-2022-24823]([https://github.com/advisories/GHSA-269q-hmxg-m83q]) reports
> a security vulnerability for *netty-codec*
> Now the version of *netty-codec* in the master branch is {*}4.1.72.Final{*},
> that is unsafe.
> Can you upgrade the version of this depenency ?
> h4.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
