[jira] [Commented] (ATLAS-4806) Upgrade netty to 4.1.100.Final due to CVE-2023-44487
[ https://issues.apache.org/jira/browse/ATLAS-4806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17815783#comment-17815783 ]

ASF subversion and git services commented on ATLAS-4806:

Commit 04645652d7918ad96911fde06a06b6a142befa64 in atlas's branch refs/heads/branch-2.0 from Disha Talreja
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=04645652d ]

ATLAS-4806: Upgrade netty to 4.1.100.Final due to CVE-2023-44487

Signed-off-by: radhikakundam
(cherry picked from commit f9df3293d74e10894ab4730ad2b8ccc593d8bc04)

> Upgrade netty to 4.1.100.Final due to CVE-2023-44487
>
>                 Key: ATLAS-4806
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4806
>             Project: Atlas
>          Issue Type: Task
>          Components: atlas-core
>            Reporter: Disha Talreja
>            Assignee: Disha Talreja
>            Priority: Major
>         Attachments: ATLAS-4806.patch
>
> CVE-2023-44487
> The HTTP/2 protocol allows a denial of service (server resource consumption)
> because request cancellation can reset many streams quickly, as exploited in
> the wild in August through October 2023.
> *Base Score:* [7.5 HIGH|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-44487=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H=3.1=NIST]
> There is a known exploit for this vulnerability, so we need to prioritise
> this despite it being a High severity CVE and not a critical.
> [https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p]

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (ATLAS-4806) Upgrade netty to 4.1.100.Final due to CVE-2023-44487
[ https://issues.apache.org/jira/browse/ATLAS-4806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17815782#comment-17815782 ]

ASF subversion and git services commented on ATLAS-4806:

Commit f9df3293d74e10894ab4730ad2b8ccc593d8bc04 in atlas's branch refs/heads/master from Disha Talreja
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=f9df3293d ]

ATLAS-4806: Upgrade netty to 4.1.100.Final due to CVE-2023-44487

Signed-off-by: radhikakundam

> Upgrade netty to 4.1.100.Final due to CVE-2023-44487
>
>                 Key: ATLAS-4806
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4806
>             Project: Atlas
>          Issue Type: Task
>          Components: atlas-core
>            Reporter: Disha Talreja
>            Assignee: Disha Talreja
>            Priority: Major
>         Attachments: ATLAS-4806.patch
>
> CVE-2023-44487
> The HTTP/2 protocol allows a denial of service (server resource consumption)
> because request cancellation can reset many streams quickly, as exploited in
> the wild in August through October 2023.
> *Base Score:* [7.5 HIGH|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-44487=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H=3.1=NIST]
> There is a known exploit for this vulnerability, so we need to prioritise
> this despite it being a High severity CVE and not a critical.
> [https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p]
Re: Review Request 74707: ATLAS-4806: Upgrade netty to 4.1.100.Final due to CVE-2023-44487
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74707/#review226207
---

Ship it!

Ship It!

- Radhika Kundam

On Feb. 8, 2024, 9:32 a.m., Disha Talreja wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74707/
> ---
>
> (Updated Feb. 8, 2024, 9:32 a.m.)
>
> Review request for atlas, Jayendra Parab and Radhika Kundam.
>
> Bugs: ATLAS-4806
>     https://issues.apache.org/jira/browse/ATLAS-4806
>
> Repository: atlas
>
> Description
> ---
>
> Upgraded netty version to 4.1.100.Final
>
> Diffs
> -
>
>   pom.xml 0e21c7f31
>
> Diff: https://reviews.apache.org/r/74707/diff/2/
>
> Testing
> ---
>
> Verified Manually
> PC Build:
> https://ci-builds.apache.org/job/Atlas/job/PreCommit-ATLAS-Build-Test/1547/
>
> Thanks,
>
> Disha Talreja
Re: Review Request 74707: ATLAS-4806: Upgrade netty to 4.1.100.Final due to CVE-2023-44487
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74707/
---

(Updated Feb. 8, 2024, 5:32 p.m.)

Review request for atlas, Jayendra Parab and Radhika Kundam.

Bugs: ATLAS-4806
    https://issues.apache.org/jira/browse/ATLAS-4806

Repository: atlas

Description
---

Upgraded netty version to 4.1.100.Final

Diffs
-

  pom.xml 0e21c7f31

Diff: https://reviews.apache.org/r/74707/diff/2/

Testing (updated)
---

Verified Manually
PC Build:
https://ci-builds.apache.org/job/Atlas/job/PreCommit-ATLAS-Build-Test/1547/

Thanks,

Disha Talreja