[
https://issues.apache.org/jira/browse/CASSANDRA-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17139458#comment-17139458
]
Matt Davis commented on CASSANDRA-15873:
----------------------------------------
I understand the hesitancy. What's the path forward here then? If we can
determine what the bar would be to accept this change, I'd be glad to do what
is necessary to meet it.
My suggestion was to run unit tests and dtests and add the results here.
(Running cassandra-stress I've so far seen no issues, we just need to add
proof.)
> Update Netty 4.0.44 -> 4.1.50 (fix security/performance issues)
> ---------------------------------------------------------------
>
> Key: CASSANDRA-15873
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15873
> Project: Cassandra
> Issue Type: Task
> Components: Dependencies
> Reporter: Matt Davis
> Priority: Normal
> Fix For: 3.11.x
>
> Attachments: dependency-check-report.html
>
>
> See https://issues.apache.org/jira/browse/CASSANDRA-15868 for the same issue
> on 4.0 / trunk. Attached is an OWASP dependency report for Netty 4.0.44,
> which identifies 3 of the same vulnerabilities as above.
>
> Additionally, 4.1.50 contains aarch64 native libraries which can improve
> performance on ARM processors.
>
> (If the preference is to handle PRs for both versions/branches in a single
> issue, feel free to close this as a duplicate.)
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
