[
https://issues.apache.org/jira/browse/RATIS-2265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17937776#comment-17937776
]
Xinyu Tan commented on RATIS-2265:
----------------------------------
[~szetszwo] But 4.1.110.Final has a cve
[issue|https://nvd.nist.gov/vuln/detail/CVE-2024-47535] and it has been fixed
in 4.1.115.Final. Maybe we need to make a choice between security and stability.
If we use the latest version of netty and grpc is not compatible, can we raise
an issue with grpc to solve this problem?
> Thirdparty should use the netty version recommended by gRPC
> -----------------------------------------------------------
>
> Key: RATIS-2265
> URL: https://issues.apache.org/jira/browse/RATIS-2265
> Project: Ratis
> Issue Type: Improvement
> Components: thirdparty
> Reporter: Tsz-wo Sze
> Assignee: Tsz-wo Sze
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The mysterious problem reported by HDDS-12103 could be caused by the
> underlying libraries. In this JIRA, we try changing the grpc, netty, protobuf
> versions.
> We should use the netty version recommended by gRPC
> - https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
