[jira] [Commented] (OAK-10076) Bump netty dependency from 4.1.68.Final to 4.1.86.Final

Wed, 01 Feb 2023 04:39:04 -0800 


    [ 
https://issues.apache.org/jira/browse/OAK-10076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17683006#comment-17683006
 ] 

Julian Reschke commented on OAK-10076:
--------------------------------------

trunk: (1.48.0) 
[10f9c5bac9|https://github.com/apache/jackrabbit-oak/commit/10f9c5bac993a711cc7853f1fa72620ea20f856f]
 (1.48.0) 
[ffc63efc76|https://github.com/apache/jackrabbit-oak/commit/ffc63efc76a014862800a06d9eeb8bdf2e045ebf]
 
[3b2671c25f|https://github.com/apache/jackrabbit-oak/commit/3b2671c25feadeaa8fc1d43cee10a270f29ee147]
1.22: 
[f5c2c54637|https://github.com/apache/jackrabbit-oak/commit/f5c2c54637d6b8b83c62dc4ad6c76c830c4c31f1]


> Bump netty dependency from 4.1.68.Final to 4.1.86.Final
> -------------------------------------------------------
>
>                 Key: OAK-10076
>                 URL: https://issues.apache.org/jira/browse/OAK-10076
>             Project: Jackrabbit Oak
>          Issue Type: Task
>          Components: segment-tar
>    Affects Versions: 1.46.0, 1.22.14
>            Reporter: Andrei Dulceanu
>            Assignee: Andrei Dulceanu
>            Priority: Major
>              Labels: cold-standby, vulnerability
>             Fix For: 1.48.0, 1.22.15
>
>
> *Vulnerabilities*
> CVE-2022-41881
> A StackOverflowError can be raised when parsing a malformed crafted message 
> due to an
> infinite recursion.
> [https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v|https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to