Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Netty version to 4.1.60.final #10073

Merged
merged 1 commit into from
Mar 30, 2021
Merged

Upgrade Netty version to 4.1.60.final #10073

merged 1 commit into from
Mar 30, 2021

Conversation

aahmed-se
Copy link
Contributor

@aahmed-se aahmed-se commented Mar 29, 2021
edited by merlimat
Loading

Upgrade netty to resolve security issues in the current version.

Fixes #10071

@aahmed-se aahmed-se self-assigned this Mar 29, 2021
merlimat
merlimat reviewed Mar 29, 2021
View reviewed changes
pom.xml Outdated
@@ -106,7 +106,7 @@ flexible messaging model and an intuitive client API.</description>
<snappy.version>1.1.7</snappy.version> <!-- ZooKeeper server -->
<dropwizardmetrics.version>3.2.5</dropwizardmetrics.version> <!-- ZooKeeper server -->
<curator.version>5.1.0</curator.version>
<netty.version>4.1.51.Final</netty.version>
<netty.version>4.1.60.Final</netty.version>
<netty-tc-native.version>2.0.33.Final</netty-tc-native.version>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should update to the accompanying tc native version as well : 2.0.36.

Also, the license files need to be updated

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also in pulsar-sql/presto-distribution/LICENSE

@merlimat merlimat added this to the 2.8.0 milestone Mar 29, 2021
@merlimat merlimat merged commit ae606b9 into apache:master Mar 30, 2021
@eolivelli eolivelli mentioned this pull request Mar 30, 2021
Closed
@sijie sijie mentioned this pull request Mar 30, 2021
Open
@codelipenghui codelipenghui added the cherry-picked/branch-2.7 Archived: 2.7 is end of life label Mar 30, 2021
codelipenghui pushed a commit that referenced this pull request Mar 30, 2021
@aahmed-se @codelipenghui
Upgrade Netty version to 4.1.60.final (#10073)
8ed886e 
Co-authored-by: Ali Ahmed <alia@splunk.com>
(cherry picked from commit ae606b9)
@lhotari
Copy link
Member

lhotari commented Apr 1, 2021

I can see that this fix has been backported to branch-2.7 . Is there anything that prevents upgrading Netty in branch-2.6 ?

merlimat pushed a commit to merlimat/pulsar that referenced this pull request Apr 6, 2021
@aahmed-se
Upgrade Netty version to 4.1.60.final (apache#10073)
02bc924 
Co-authored-by: Ali Ahmed <alia@splunk.com>
@lhotari lhotari mentioned this pull request Apr 30, 2021
Closed
lhotari added a commit to lhotari/pulsar that referenced this pull request Jun 11, 2021
@lhotari
Revert "Upgrade Netty version to 4.1.60.final (apache#10073)"
63af2c9 
This reverts commit ae606b9.
@aahmed-se aahmed-se deleted the netty branch July 1, 2021 05:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@merlimat merlimat merlimat approved these changes

@eolivelli eolivelli Awaiting requested review from eolivelli

Assignees

@aahmed-se aahmed-se

Labels
area/security cherry-picked/branch-2.7 Archived: 2.7 is end of life release/2.7.2
Projects
None yet
Milestone
2.8.0
Development

Successfully merging this pull request may close these issues.

CVE-2021-21295 & CVE-2021-21290
4 participants
@aahmed-se @lhotari @merlimat @codelipenghui