[
https://issues.apache.org/jira/browse/CASSJAVA-59?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17925755#comment-17925755
]
Bret McGuire commented on CASSJAVA-59:
--------------------------------------
Thanks for the ticket [~yourib] ! We had a [subsequent
ticket|https://issues.apache.org/jira/browse/CASSJAVA-77] which made a similar
point and even though this ticket was filed first I'm going to manage work on
this issue going forward on the new ticket. My rationale is that in addition
to the ticket for 4.x there's a distinct ticket to upgrade the 3.x driver as
well. As of Java driver 4.14.1 and 3.11.2 both the 4.x and 3.x driver use the
same version of Netty. The intent was to keep behaviours across the driver(s)
more consistent; it's more difficult to track down weird Netty bugs between
drivers when they aren't working from a common code base.
In the interest of keeping that consistent behaviour across drivers I want to
upgrade Netty on both drivers at the same time. The existence of CASSJAVA-77
and CASSJAVA-78 make that slightly easier.
I would encourage you to remain involved by following and commenting on
CASSJAVA-77 (and CASSJAVA-78).
Thanks again for getting this effort started!
> Upgrade Netty version to 4.1.115.Final
> --------------------------------------
>
> Key: CASSJAVA-59
> URL: https://issues.apache.org/jira/browse/CASSJAVA-59
> Project: Apache Cassandra Java driver
> Issue Type: Task
> Reporter: Youri
> Priority: Normal
> Fix For: 4.19.1
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> This version fixes a CVE:
> https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
