[
https://issues.apache.org/jira/browse/HADOOP-18079?focusedWorklogId=796223&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-796223
]
ASF GitHub Bot logged work on HADOOP-18079:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 29/Jul/22 02:43
Start Date: 29/Jul/22 02:43
Worklog Time Spent: 10m
Work Description: jasonwzs commented on PR #4593:
URL: https://github.com/apache/hadoop/pull/4593#issuecomment-1198823378
https://infra.apache.org/licensing-howto.html#deps-of-deps is about license,
but this PR has only change to pom.xml.
In case that downstream application explicitly imports netty from hadoop
dependency, the versions of other netty libs that netty-all are determined by
netty-all version itself, so it's not necessary to list them in the
dependenciesManagment section in pom file.
Issue Time Tracking
-------------------
Worklog Id: (was: 796223)
Time Spent: 6h (was: 5h 50m)
> Upgrade Netty to 4.1.77.Final
> -----------------------------
>
> Key: HADOOP-18079
> URL: https://issues.apache.org/jira/browse/HADOOP-18079
> Project: Hadoop Common
> Issue Type: Bug
> Components: build
> Affects Versions: 3.3.3
> Reporter: Renukaprasad C
> Assignee: Wei-Chiu Chuang
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.4, 3.2.5
>
> Time Spent: 6h
> Remaining Estimate: 0h
>
> h4. Netty version - 4.1.71 has fix some CVEs.
> CVE-2019-20444,
> CVE-2019-20445
> CVE-2022-24823
> Upgrade to latest version.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
