[
https://issues.apache.org/jira/browse/HBASE-18891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16320933#comment-16320933
]
Josh Elser commented on HBASE-18891:
------------------------------------
Any feedback from folks on this one? I'd like to make sure I actually get this
committed before I forget about it for another few months. [~apurtell] for a
1.3. Not sure if [~busbey] is watching lists close enough to weigh in for a 1.2
commit (maybe [~stack] or [~mdrob] in his IRL absence?).
tl;dr we bumped to a sufficiently newer version of netty-all to avoid a ding by
security scans on public CVEs, but not _so_ new as the newest version of
netty-all included java8 compiled classes in the jar (which would break out
java7 compat statement).
> Upgrade netty-all jar
> ---------------------
>
> Key: HBASE-18891
> URL: https://issues.apache.org/jira/browse/HBASE-18891
> Project: HBase
> Issue Type: Bug
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Critical
> Fix For: 1.3.2, 1.2.8
>
> Attachments: HBASE-18891.001.branch-1.3.patch,
> HBASE-18891.002.branch-1.3.patch, HBASE-18891.002.branch-1.3.patch,
> HBASE-18891.002.branch-1.3.patch, HBASE-18891.003.branch-1.3.patch
>
>
> Upgrade netty-all jar to 4.0.37.Final version to fix latest vulnerabilities
> reported.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
