[
https://issues.apache.org/jira/browse/CASSANDRA-18808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17766849#comment-17766849
]
Norman Maurer commented on CASSANDRA-18808:
-------------------------------------------
Netty does not enable hostname verification by default. You need to enable it
by yourself. If you already have there is nothing you need to do.
> netty-handler vulnerability: CVE-2023-4586
> ------------------------------------------
>
> Key: CASSANDRA-18808
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18808
> Project: Cassandra
> Issue Type: Bug
> Components: Consistency/Coordination
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 5.0.x, 5.x
>
>
> This is failing OWASP:
> {noformat}
> Dependency-Check Failure:
> One or more dependencies were identified with vulnerabilities that have a
> CVSS score greater than or equal to '1.0':
> netty-handler-4.1.96.Final.jar: CVE-2023-4586
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
