Dominique Mongelli created ZOOKEEPER-4404: ---------------------------------------------
Summary: Upgrade Netty to 4.1.68 for CVE fixes Key: ZOOKEEPER-4404 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4404 Project: ZooKeeper Issue Type: Bug Affects Versions: 3.7.0 Reporter: Dominique Mongelli netty has reported a couple of CVEs regarding the usage of Bzip2Decoder and SnappyFrameDecoder. Reference : [CVE-2021-37136 - https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv|https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv] [CVE-2021-37137 - https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363|https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363] Can we upgrade Netty to version 4.1.68.Final to fix this ? -- This message was sent by Atlassian Jira (v8.3.4#803005)