> As far as I understood Ratis/Ozone are not affected by these > vulnerabilities.
> I am +1 to create new ratis-thirdparty release, but IMHO we don't need > to cancel the current 2.0.0 vote, we can close it and release the > artifacts @Tsz-wo What do you think ? Arpit Agarwal <[email protected]> 于2021年3月23日周二 上午5:58写道: > Can we conclude this vote now? > > > On Mar 22, 2021, at 7:38 AM, Elek, Marton <[email protected]> wrote: > > > > > > > > On 3/20/21 3:48 AM, Tsz Wo Sze wrote: > >> In https://issues.apache.org/jira/browse/RATIS-1342 , we have bumped > Netty > >> version to 4.1.60.Final in ratis-thirdparty due to the Netty > >> vulnerabilities. > >> - > https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 > >> - > https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj > >> Should we also have a ratis-thridparty release? > >> > > > > As far as I understood Ratis/Ozone are not affected by these > vulnerabilities. > > > > I am +1 to create new ratis-thirdparty release, but IMHO we don't need > to cancel the current 2.0.0 vote, we can close it and release the > artifacts... > > > > Marton > >
