[
https://issues.apache.org/jira/browse/CASSANDRA-20152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18055152#comment-18055152
]
Dmitry Konstantinov commented on CASSANDRA-20152:
-------------------------------------------------
it looks like mixup of CASSANDRA-20152 vs CASSANDRA-21052 (0 vs 1 permutation)
[https://github.com/apache/cassandra/commit/ec3b425c38d92d20d77d3a87c782ed9c072e1cd9]
commit is related to CASSANDRA-21052
so, I am cleaning *Source Control Link* here to avoid confusions.
Regarding [CVE-2024-47535|https://nvd.nist.gov/vuln/detail/CVE-2024-47535]
itself - it is valid for netty up to 4.1.115 (excluding). 5.0 and trunk has a
netty version newer than 4.1.115. Do we need to suppress the CVE in this case?
> Suppress CVE-2024-47535 – Switch lz4-java to at.yawk.lz4
> --------------------------------------------------------
>
> Key: CASSANDRA-20152
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20152
> Project: Apache Cassandra
> Issue Type: Improvement
> Components: Build
> Reporter: Abe Ratnofsky
> Assignee: Abe Ratnofsky
> Priority: Normal
> Fix For: 4.0.20, 4.1.11, 5.0.7, 5.1
>
>
> [https://nvd.nist.gov/vuln/detail/CVE-2024-47535] is only an issue on
> Windows, which we don't support anymore.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
