[
https://issues.apache.org/jira/browse/SOLR-14296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17059414#comment-17059414
]
Erick Erickson edited comment on SOLR-14296 at 3/14/20, 5:22 PM:
-----------------------------------------------------------------
I found some weirdness between the Gradle build (versions.lock) while working
on upgrading ZK, so I'll do both at once. Curiously, the gradle version was
4.1.45, not sure how it got there.
Meanwhile, 4.1.47 came out so I'll upgrade to that.
Thanks [~asalamon74] for doing the work on this, I'm glad you found the issue
with 1.45, that'll make things easier.
was (Author: erickerickson):
I found some weirdness between the Gradle build (versions.lock) while working
on upgrading ZK, so I'll do both at once. Curiously, the gradle version was
4.1.45, not sure how it got there.
Thanks [~asalamon74] for doing the work on this, I'm glad you found the issue
with 1.45, that'll make things easier.
> Update netty to 4.1.47
> ----------------------
>
> Key: SOLR-14296
> URL: https://issues.apache.org/jira/browse/SOLR-14296
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Andras Salamon
> Priority: Minor
> Attachments: SOLR-14296-01.patch
>
>
> There are two CVEs against the current netty version:
> [https://nvd.nist.gov/vuln/detail/CVE-2019-20444]
> [https://nvd.nist.gov/vuln/detail/CVE-2019-20445]
> Although solr is not affected it would be still good to update netty.
> The first non-affected netty version is 4.1.45 but during the update I've
> found a netty bug ( [https://github.com/netty/netty/issues/10017] ) so it's
> better to update to 4.1.46
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
