This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch branch-1.17.x in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 500d3d19f15c9c9b0e273adda7ec637dbc45c5c6 Author: Alexey Serbin <[email protected]> AuthorDate: Tue May 28 16:52:14 2024 -0700 KUDU-3581: upgrade Netty to 4.1.110.Final Even if Kudu doesn't use anything from Netty at its server side and is not affected by the HTTP/2 rapid reset issue, it makes sense to upgrade the Netty package used by the Kudu Java client library to include the fix for well-known CVE [1]. It would be enough to upgrade up to 4.1.100.Final, but I took the liberty of upgrading up to the latest available 4.1.110.Final version. [1] https://www.cve.org/CVERecord?id=CVE-2023-44487 Change-Id: I6e2ad686374b06d7b8cb28a7a456c21977b95ea8 Reviewed-on: http://gerrit.cloudera.org:8080/21464 Tested-by: Alexey Serbin <[email protected]> Reviewed-by: Yingchun Lai <[email protected]> (cherry picked from commit 8d5f82483665fd6229d08fdfe94c87b07f80f986) Reviewed-on: http://gerrit.cloudera.org:8080/21465 Reviewed-by: Attila Bukor <[email protected]> --- java/gradle/dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle index 2a9724a13..e205649b3 100755 --- a/java/gradle/dependencies.gradle +++ b/java/gradle/dependencies.gradle @@ -49,7 +49,7 @@ versions += [ micrometer : "1.8.2", mockito : "4.2.0", murmur : "1.0.0", - netty : "4.1.94.Final", + netty : "4.1.110.Final", osdetector : "1.6.2", protobuf : "3.21.12", ranger : "2.1.0",
