[
https://issues.apache.org/jira/browse/CASSJAVA-113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francisco Guerrero updated CASSJAVA-113:
----------------------------------------
Reviewers: Francisco Guerrero
Status: Review In Progress (was: Patch Available)
> Update Netty for driver to 4.1.129.Final
> ----------------------------------------
>
> Key: CASSJAVA-113
> URL: https://issues.apache.org/jira/browse/CASSJAVA-113
> Project: Apache Cassandra Java driver
> Issue Type: Task
> Components: Core
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Attachments: cassandra-java-driver-review-pr2068.txt
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> There are various CVE scanners which detect that 4.19.0 which uses Netty
> 4.1.94 contains CVEs. While I do not personally think they are exploitable,
> the scanners will trigger alarm and then it is virtually impossible to
> persuade people looking at these scanners that it is most probably just fine.
> In order to fix this issue, we need to bump Netty version to e.g. 4.1.126. I
> see that in the current trunk it is 4.1.119 so it should be pretty smooth
> bump.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
