[
https://issues.apache.org/jira/browse/FLINK-21019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17278779#comment-17278779
]
Adam Roberts commented on FLINK-21019:
--------------------------------------
Many thanks for this, could this patch find its way into the 1.11.4 release
please? I know this is currently targeted at only 1.13 but I'm curious either
way, thanks again - I am cloning the 1.11.3 tag currently and looking to make
the same set of changes, but always aware of other dependencies that may be
relying on it and so it's not always so easy
> Bump Netty 4 to 4.1.46
> ----------------------
>
> Key: FLINK-21019
> URL: https://issues.apache.org/jira/browse/FLINK-21019
> Project: Flink
> Issue Type: Improvement
> Components: API / Python, Connectors / Cassandra, Connectors /
> ElasticSearch, Connectors / HBase
> Reporter: Dian Fu
> Assignee: Huang Xingbo
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.13.0
>
>
> Our current Netty version (4.1.44) is vulnerable for at least this CVE:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-11612]
> Bumping to 4.1.46+ should solve it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
