Adam Roberts created HADOOP-17556:
-------------------------------------
Summary: Understanding Netty versions and upgrading them (three findings in Hadoop we could upgrade?)
Key: HADOOP-17556
URL: https://issues.apache.org/jira/browse/HADOOP-17556
Project: Hadoop Common
Issue Type: Bug
Reporter: Adam Roberts
Hi everyone, have been raising a few JIRAs recently related to dependencies in
Flink and Hadoop, and for Hadoop I have noticed the following versions of Netty
in use. I'm wondering if we can work to upgrade these (potentially all to the
same version) to remediate any CVEs we have.
Here's what the Twistlock container scan picked up (so, this is Flink with
Hadoop 3.3.1 snapshot, which I've scanned), so any thoughts or upgrade ideas
would be most welcome!

"version": "3.10.6.Final",
"name": "io.netty_netty",
"path": "/opt/flink/lib/flink-shaded-hadoop-3-uber-3.3.1-SNAPSHOT-10.0.jar"
},

"version": "4.1.50.Final",
"name": "io.netty_netty-all",
"path": "/opt/flink/lib/flink-shaded-hadoop-3-uber-3.3.1-SNAPSHOT-10.0.jar"
},

"version": "4.1.42.Final",
"name": "io.netty_netty-codec",
"path": "/opt/flink/lib/flink-shaded-hadoop-3-uber-3.3.1-SNAPSHOT-10.0.jar"
},

The latest 4.1 Netty I see is
https://mvnrepository.com/artifact/io.netty/netty-all/4.1.59.Final
which may help with the above findings (assume things are all compatible!),
thanks
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
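
One way to confirm scanner findings like the three above is to list the Maven coordinates bundled inside the uber jar yourself. The following is an added example, not part of the original report or of Hadoop or Flink; it assumes the shaded jar still carries each dependency's `META-INF/maven/<groupId>/<artifactId>/pom.properties` (a shade configuration can strip these), and the in-memory sample jar is constructed from the versions quoted in the report.

```python
import io
import re
import zipfile

# Maven writes each artifact's coordinates to this file; shaded uber jars
# usually keep them unless the shade configuration filters META-INF.
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")

def parse_properties(text):
    """Parse the key=value subset used by pom.properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def bundled_artifacts(jar, group="io.netty"):
    """Return sorted (artifactId, version) pairs for one groupId in a jar."""
    found = set()
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = POM_PROPS.match(name)
            if m and m.group(1) == group:
                props = parse_properties(zf.read(name).decode("utf-8", "replace"))
                found.add((props.get("artifactId", m.group(2)),
                           props.get("version", "unknown")))
    return sorted(found)

def mixed_versions(artifacts):
    """Distinct versions found; more than one means mixed releases."""
    return sorted({version for _, version in artifacts})

def build_sample_jar():
    """Constructed in-memory jar with the three findings quoted in the report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for artifact, version in [("netty", "3.10.6.Final"),
                                  ("netty-all", "4.1.50.Final"),
                                  ("netty-codec", "4.1.42.Final")]:
            zf.writestr(f"META-INF/maven/io.netty/{artifact}/pom.properties",
                        f"version={version}\ngroupId=io.netty\nartifactId={artifact}\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for artifact, version in bundled_artifacts(build_sample_jar()):
        print(f"io.netty:{artifact}:{version}")
```

Pass a real jar path to `bundled_artifacts` in place of the sample; an empty result means the coordinates were stripped during shading, not that Netty is absent.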