[
https://issues.apache.org/jira/browse/HADOOP-18079?focusedWorklogId=761955&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-761955
]
ASF GitHub Bot logged work on HADOOP-18079:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 25/Apr/22 18:22
Start Date: 25/Apr/22 18:22
Worklog Time Spent: 10m
Work Description: jojochuang commented on PR #3977:
URL: https://github.com/apache/hadoop/pull/3977#issuecomment-1108895387
@dmmkr would you share more details? Our use of netty shouldn't depend on
tcnative.
Also if the CVE warning comes from OWASP, it is likely a false-positive:
https://github.com/jeremylong/DependencyCheck/issues/3865
Issue Time Tracking
-------------------
Worklog Id: (was: 761955)
Time Spent: 1.5h (was: 1h 20m)
> Upgrade Netty to 4.1.74
> -----------------------
>
> Key: HADOOP-18079
> URL: https://issues.apache.org/jira/browse/HADOOP-18079
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Renukaprasad C
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> h4. Netty version - 4.1.71 has fix some CVEs. We can upgradeĀ the netty to
> 4.1.7.1.Final or latest stable version - 4.1.7.2.Final.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
