[ 
https://issues.apache.org/jira/browse/KUDU-3492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747218#comment-17747218
 ] 

Alexey Serbin edited comment on KUDU-3492 at 7/26/23 12:30 AM:
---------------------------------------------------------------

Thank you for reporting the issue, [~coheigea].

The upcoming Kudu 1.17.0 release should contain
[the fix|https://github.com/apache/kudu/commit/f607676b10fba3c8995b0632dc9c775445bff076].
As for 1.16.1,
[the fix has been back-ported into the 1.16.x branch of the git repo|https://github.com/apache/kudu/commit/948517219a2ac860d8b0a7884b96da2f9268fe89],
but at this point it's not yet clear when maintenance release 1.16.1 of Kudu
is going to happen.


was (Author: aserbin):
The upcoming Kudu 1.17.0 release should contain
[the fix|https://github.com/apache/kudu/commit/f607676b10fba3c8995b0632dc9c775445bff076].
As for 1.16.1,
[the fix has been back-ported into the 1.16.x branch of the git repo|https://github.com/apache/kudu/commit/948517219a2ac860d8b0a7884b96da2f9268fe89],
but at this point it's not yet clear when maintenance release 1.16.1 of Kudu
is going to happen.

> Netty CVE CVE-2023-34462
> ------------------------
>
>                 Key: KUDU-3492
>                 URL: https://issues.apache.org/jira/browse/KUDU-3492
>             Project: Kudu
>          Issue Type: Bug
>    Affects Versions: 1.16.0
>            Reporter: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 1.17.0, 1.16.1
>
>
> Netty was upgraded to 4.1.84.Final
> ([https://github.com/apache/kudu/commit/892bda293f238fddec47423d5c0b5be9576581f1])
> but this still has known CVEs:
>  * CVE-2022-41881 (fixed in 4.1.86.Final)
>  * CVE-2023-34462 (fixed in 4.1.94.Final)
> Please update to at least 4.1.94.Final.


