[
https://issues.apache.org/jira/browse/TINKERPOP-2883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jim Foscue updated TINKERPOP-2883:
----------------------------------
Summary: Vulnerability in Netty libraries (was: CLONE - Vulnerability in
com.hazelcase_hazelcast-3.7.8)
> Vulnerability in Netty libraries
> --------------------------------
>
> Key: TINKERPOP-2883
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2883
> Project: TinkerPop
> Issue Type: Improvement
> Affects Versions: 3.6.2
> Reporter: Jim Foscue
> Priority: Major
> Labels: Ironbank
>
> Vulnerability in netty-3.9.9
> Need to update to netty libraries to greater than 4.1.44
> https://nvd.nist.gov/vuln/detail/CVE-2019-20445
> HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header
> to be accompanied by a second Content-Length header, or by a
> Transfer-Encoding header.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
