[ https://issues.apache.org/jira/browse/CASSANDRA-16463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17289143#comment-17289143 ]
Benedict Elliott Smith edited comment on CASSANDRA-16463 at 2/23/21, 3:49 PM: ------------------------------------------------------------------------------ The CVEs are not relevant to Cassandra as [we do not make use of the affected components|https://github.com/apache/cassandra/search?q=HttpObjectDecoder]. was (Author: benedict): The CVEs are not relevant to Cassandra as we do not make use of the affected components. > high and critical CVEs io.netty to 4.1.42.Final to fix critical and high > vulnerabilities > ---------------------------------------------------------------------------------------- > > Key: CASSANDRA-16463 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16463 > Project: Cassandra > Issue Type: Improvement > Components: Dependencies > Reporter: Bhargav Joshi > Priority: High > > Repository | Tag | CVE ID | Severity | Packages | Source Package | Package > Version | Fix Status > -- | -- | -- | -- | -- | -- | -- | -- > datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20445 | critical | > io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.44 > datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20444 | critical | > io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.44 > datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-16869 | high | > io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.42.Final -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org