symat commented on pull request #1817: URL: https://github.com/apache/zookeeper/pull/1817#issuecomment-1036133003
> I see in the pom.xml file that we use a quite recent netty, but a very old netty-tcnative-classes never mind, I see 2.0.48.Final is actually the latest netty-tcnative. In this case I don't understand why these old CVEs appeared now. How can we get e.g. this one: https://nvd.nist.gov/vuln/detail/CVE-2015-2156 This should not be reported for 4.1.73.Final and this has nothing to do with netty-tcnative, AFAICT Do we have some old netty on our classpath we should exclude? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org