[ https://issues.apache.org/jira/browse/HADOOP-11219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17173383#comment-17173383 ]
Kevin Risden commented on HADOOP-11219: --------------------------------------- https://snyk.io/vuln/SNYK-JAVA-IONETTY-473694 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16869 https://github.com/netty/netty/issues/9571#issuecomment-552070089 There is at least one CVE affecting Netty <4 - Ironically this was published around the same week as [~weichiu]'s comment. > Upgrade to netty 4 > ------------------ > > Key: HADOOP-11219 > URL: https://issues.apache.org/jira/browse/HADOOP-11219 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Haohui Mai > Assignee: Haohui Mai > Priority: Major > > This is an umbrella jira to track the effort of upgrading to Netty 4. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org