[
https://issues.apache.org/jira/browse/SPARK-30308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vishwas updated SPARK-30308:
----------------------------
Description:
As per [CVE-2019-16869|http://www.cvedetails.com/cve/CVE-2019-16869/], netty
mishandled whitespace before the colon in HTTP headers (such as a
"Transfer-Encoding : chunked" line), which lead to HTTP request smuggling.
This issue has been resolved in version 4.1.42.Final for both netty and
netty-all packages.
was:
As per [CVE-2019-16869|[https://www.cvedetails.com/cve/CVE-2019-16869/]], netty
mishandled whitespace before the colon in HTTP headers (such as a
"Transfer-Encoding : chunked" line), which lead to HTTP request smuggling.
This issue has been resolved in version 4.1.42.Final for both netty and
netty-all packages.
> Update Netty and Netty-all to address CVE-2019-16869
> ----------------------------------------------------
>
> Key: SPARK-30308
> URL: https://issues.apache.org/jira/browse/SPARK-30308
> Project: Spark
> Issue Type: Dependency upgrade
> Components: Security
> Affects Versions: 2.4.4
> Reporter: Vishwas
> Priority: Minor
> Labels: security
>
> As per [CVE-2019-16869|http://www.cvedetails.com/cve/CVE-2019-16869/], netty
> mishandled whitespace before the colon in HTTP headers (such as a
> "Transfer-Encoding : chunked" line), which lead to HTTP request smuggling.
> This issue has been resolved in version 4.1.42.Final for both netty and
> netty-all packages.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
