[jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869
[ https://issues.apache.org/jira/browse/SPARK-30308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000760#comment-17000760 ] Ankit Raj Boudh commented on SPARK-30308: - @srowen , please help me to close this issue > Update Netty and Netty-all to address CVE-2019-16869 > > > Key: SPARK-30308 > URL: https://issues.apache.org/jira/browse/SPARK-30308 > Project: Spark > Issue Type: Dependency upgrade > Components: Security >Affects Versions: 2.4.4 >Reporter: Vishwas >Priority: Minor > Labels: security > Fix For: 2.4.4 > > > As per [CVE-2019-16869|http://www.cvedetails.com/cve/CVE-2019-16869/], netty > mishandled whitespace before the colon in HTTP headers (such as a > "Transfer-Encoding : chunked" line), which lead to HTTP request smuggling. > This issue has been resolved in version 4.1.42.Final for both netty and > netty-all packages. > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869
[ https://issues.apache.org/jira/browse/SPARK-30308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000756#comment-17000756 ] Ankit Raj Boudh commented on SPARK-30308: - It's already updated to 4.1.42.Final as a part of SPARK-29445 > Update Netty and Netty-all to address CVE-2019-16869 > > > Key: SPARK-30308 > URL: https://issues.apache.org/jira/browse/SPARK-30308 > Project: Spark > Issue Type: Dependency upgrade > Components: Security >Affects Versions: 2.4.4 >Reporter: Vishwas >Priority: Minor > Labels: security > > As per [CVE-2019-16869|http://www.cvedetails.com/cve/CVE-2019-16869/], netty > mishandled whitespace before the colon in HTTP headers (such as a > "Transfer-Encoding : chunked" line), which lead to HTTP request smuggling. > This issue has been resolved in version 4.1.42.Final for both netty and > netty-all packages. > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org
[jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869
[ https://issues.apache.org/jira/browse/SPARK-30308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000522#comment-17000522 ] Ankit Raj Boudh commented on SPARK-30308: - [~vishwaskumar], 4.1.43.Final version we need to update ? > Update Netty and Netty-all to address CVE-2019-16869 > > > Key: SPARK-30308 > URL: https://issues.apache.org/jira/browse/SPARK-30308 > Project: Spark > Issue Type: Dependency upgrade > Components: Security >Affects Versions: 2.4.4 >Reporter: Vishwas >Priority: Minor > Labels: security > > As per [CVE-2019-16869|http://www.cvedetails.com/cve/CVE-2019-16869/], netty > mishandled whitespace before the colon in HTTP headers (such as a > "Transfer-Encoding : chunked" line), which lead to HTTP request smuggling. > This issue has been resolved in version 4.1.42.Final for both netty and > netty-all packages. > > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org