[ https://issues.apache.org/jira/browse/CASSANDRA-17326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489536#comment-17489536 ]
Michael F commented on CASSANDRA-17326: --------------------------------------- [~brandon.williams] , What about these CVEs: CVE-2020-7238 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 Will you suppress them also? > Security Bug > ------------ > > Key: CASSANDRA-17326 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17326 > Project: Cassandra > Issue Type: Bug > Components: Dependencies > Reporter: Ori Prog > Priority: Normal > > The Cassandra 3.11.11 uses _netty-all-4.0.44.Final.jar_ > This library has the following CVEs. {*}Part of these CVEs are critical{*}! > Please upgrade to 4.1.71.Final > CVE-2019-20445 > CVE-2019-20444 > CVE-2019-16869 > CVE-2020-7238 > CVE-2021-37136 > CVE-2021-37137 > CVE-2021-21409 > CVE-2021-43797 > CVE-2021-21295 > CVE-2021-21290 -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org