[
https://issues.apache.org/jira/browse/HDDS-9514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Attila Doroszlai resolved HDDS-9514.
------------------------------------
Fix Version/s: 1.4.0
Resolution: Done
> Upgrade netty to 4.1.100.Final
> ------------------------------
>
> Key: HDDS-9514
> URL: https://issues.apache.org/jira/browse/HDDS-9514
> Project: Apache Ozone
> Issue Type: Task
> Reporter: Rohit Kumar
> Assignee: Rohit Kumar
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.4.0
>
>
> Upgrade netty to 4.1.100.Final due to CVE-2023-44487
> CVE-2023-44487
> The HTTP/2 protocol allows a denial of service (server resource consumption)
> because request cancellation can reset many streams quickly, as exploited in
> the wild in August through October 2023.
> *Base Score:* [7.5
> HIGH|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-44487&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST]
> There is a known exploit for this vulnerability, so we need to prioritise
> this despite it being a High severity CVE and not a critical.
> [https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
