[
https://issues.apache.org/jira/browse/CASSJAVA-113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Miklosovic updated CASSJAVA-113:
---------------------------------------
Change Category: Quality Assurance
Complexity: Normal
Component/s: Core
Status: Open (was: Triage Needed)
> Update Netty for driver to 4.1.126.Final
> ----------------------------------------
>
> Key: CASSJAVA-113
> URL: https://issues.apache.org/jira/browse/CASSJAVA-113
> Project: Apache Cassandra Java driver
> Issue Type: Task
> Components: Core
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
>
> There are various CVE scanners which detect that 4.19.0 which uses Netty
> 4.1.94 contains CVEs. While I do not personally think they are exploitable,
> the scanners will trigger alarm and then it is virtually impossible to
> persuade people looking at these scanners that it is most probably just fine.
> In order to fix this issue, we need to bump Netty version to e.g. 4.1.26. I
> see that in the current trunk it is 4.1.119 so it should be pretty smooth
> bump.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
