[jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17457185#comment-17457185 ] Sourabh Sarvotham Parkala commented on ZOOKEEPER-4272: -- Hello Team, Thanks for the fix. Is there a specific release date for 3.5.10? Thanks Sourabh > Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 > -- > > Key: ZOOKEEPER-4272 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4272 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.6.2 >Reporter: Dominique Mongelli >Assignee: Ayush Mantri >Priority: Major > Labels: pull-request-available > Fix For: 3.5.10, 3.6.3, 3.8.0, 3.7.1 > > Time Spent: 1.5h > Remaining Estimate: 0h > > Our security tool raised the following security flaw on zookeeper 3.6.2: > [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] > It is a vulnerability related to jar *netty-codec-4.1.50.Final.jar*. > Based on netty issue tracker, the vulnerability is fixed in 4.1.60.Final: > [https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj] -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17313880#comment-17313880 ] Dominique Mongelli commented on ZOOKEEPER-4272: --- This fix covers also CVE-2021-21290 > Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 > -- > > Key: ZOOKEEPER-4272 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4272 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.6.2 >Reporter: Dominique Mongelli >Assignee: Ayush Mantri >Priority: Major > Labels: pull-request-available > Fix For: 3.5.10, 3.6.3, 3.8.0, 3.7.1 > > Time Spent: 1.5h > Remaining Estimate: 0h > > Our security tool raised the following security flaw on zookeeper 3.6.2: > [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] > It is a vulnerability related to jar *netty-codec-4.1.50.Final.jar*. > Based on netty issue tracker, the vulnerability is fixed in 4.1.60.Final: > [https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17312931#comment-17312931 ] Dominique Mongelli commented on ZOOKEEPER-4272: --- Hello, Thanks for taking care of the issue very quickly. I'm wondering if there is some target date for zookeeper 3.6.3 ? I was looking for a specific page for future release plan but did not find it. Does it exist ? > Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 > -- > > Key: ZOOKEEPER-4272 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4272 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.6.2 >Reporter: Dominique Mongelli >Assignee: Ayush Mantri >Priority: Major > Labels: pull-request-available > Fix For: 3.5.10, 3.6.3, 3.8.0, 3.7.1 > > Time Spent: 1.5h > Remaining Estimate: 0h > > Our security tool raised the following security flaw on zookeeper 3.6.2: > [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] > It is a vulnerability related to jar *netty-codec-4.1.50.Final.jar*. > Based on netty issue tracker, the vulnerability is fixed in 4.1.60.Final: > [https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17312488#comment-17312488 ] Mohammad Arshad commented on ZOOKEEPER-4272: Thanks [~ayushmantri] for the PRs Thanks [~eolivelli] for the reviews. > Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 > -- > > Key: ZOOKEEPER-4272 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4272 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.6.2 >Reporter: Dominique Mongelli >Assignee: Ayush Mantri >Priority: Major > Labels: pull-request-available > Fix For: 3.5.10, 3.6.3, 3.8.0, 3.7.1 > > Time Spent: 1h 20m > Remaining Estimate: 0h > > Our security tool raised the following security flaw on zookeeper 3.6.2: > [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] > It is a vulnerability related to jar *netty-codec-4.1.50.Final.jar*. > Based on netty issue tracker, the vulnerability is fixed in 4.1.60.Final: > [https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17312126#comment-17312126 ] Ayush Mantri commented on ZOOKEEPER-4272: - i'll raise PR asap > Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 > -- > > Key: ZOOKEEPER-4272 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4272 > Project: ZooKeeper > Issue Type: Bug > Components: security >Affects Versions: 3.6.2 >Reporter: Dominique Mongelli >Priority: Major > > Our security tool raised the following security flaw on zookeeper 3.6.2: > [https://nvd.nist.gov/vuln/detail/CVE-2021-21295] > It is a vulnerability related to jar *netty-codec-4.1.50.Final.jar*. > Based on netty issue tracker, the vulnerability is fixed in 4.1.60.Final: > [https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj] -- This message was sent by Atlassian Jira (v8.3.4#803005)
