Jota Martos created SPARK-53436:
-----------------------------------
Summary: Upgrade Netty to 4.1.124.Final
Key: SPARK-53436
URL: https://issues.apache.org/jira/browse/SPARK-53436
Project: Spark
Issue Type: Task
Components: Build
Affects Versions: 4.0.0, 3.5.6
Reporter: Jota Martos
Upgrade Netty to 4.1.124.Final in order to fix CVE-2025-55163.
Netty is an asynchronous, event-driven network application framework. Prior to
versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset
DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses
malformed HTTP/2 control frames in order to break the max concurrent streams
limit - which results in resource exhaustion and distributed denial of service.
This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
