[
https://issues.apache.org/jira/browse/CASSANDRA-17326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benedict Elliott Smith updated CASSANDRA-17326:
-----------------------------------------------
Resolution: Not A Problem
Status: Resolved (was: Triage Needed)
Please justify these as actual security problems. The project regularly audits
our exposure to CVEs, and it is most typical to find we are not exposed and
hence not upgrade.
If you believe the project is exposed to a specific CVE, please email
[email protected] with a full explanation of the exposure, with reference to
the source code.
> Security Bug
> ------------
>
> Key: CASSANDRA-17326
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17326
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Ori Prog
> Priority: Normal
>
> The Cassandra 3.11.11 uses _netty-all-4.0.44.Final.jar_
> This library has the following CVEs. {*}Part of these CVEs are critical{*}!
> Please upgrade to 4.1.71.Final
> CVE-2019-20445
> CVE-2019-20444
> CVE-2019-16869
> CVE-2020-7238
> CVE-2021-37136
> CVE-2021-37137
> CVE-2021-21409
> CVE-2021-43797
> CVE-2021-21295
> CVE-2021-21290
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
