[
https://issues.apache.org/jira/browse/ZOOKEEPER-3563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16941408#comment-16941408
]
Patrick D. Hunt commented on ZOOKEEPER-3563:
--------------------------------------------
I submitted patches for 3.5 and trunk. 3.4 is currently on 3.10.6.Final which
is very different base vs 4.1 (current dev line for netty). Someone would need
to backport what we did for 3.5/trunk if we want to fix that.
> dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty
> --------------------------------------------------------------------------
>
> Key: ZOOKEEPER-3563
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3563
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Affects Versions: 3.5.5, 3.4.14
> Reporter: Patrick D. Hunt
> Priority: Blocker
> Labels: pull-request-available
> Fix For: 3.4.15, 3.5.6
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The mvn dependency check is failing on 3.4 and 3.5:
> 3.4:
> [ERROR] netty-3.10.6.Final.jar: CVE-2019-16869
> 3.5:
> [ERROR] netty-transport-4.1.29.Final.jar: CVE-2019-16869
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
