ZOOKEEPER-4649: Upgrade netty to 4.1.86 because of CVE-2022-41915 #1964

Merged
merged 1 commit into from Jan 19, 2023

@symat symat commented Dec 13, 2022

Yesterday a new netty version was released fixing CVE-2022-41915
See https://nvd.nist.gov/vuln/detail/CVE-2022-41915
We need to upgrade the netty version.

@cnauroth cnauroth left a comment

+1

It looks like CI is failing to check out the patch properly. I applied it locally and ran tests successfully.

Thank you, @symat !

symat commented Dec 14, 2022

Thanks for the quick review!
I tried to re-trigger the tests yesterday, but CI was failing constantly (must have been some infra issue). Now I re-triggered again and it seems to have started. I'll merge it to branch-3.6 once it has finished.

The PR for the later branches will be a bit different (that also contains the NOTICE file update); I plan to use #1963 for master, branch-3.8 and branch-3.7.

asfgit pushed a commit that referenced this pull request Dec 14, 2022
Yesterday a new netty version was released fixing CVE-2022-41915
See https://nvd.nist.gov/vuln/detail/CVE-2022-41915
We need to upgrade the netty version.

Author: Mate Szalay-Beko <symat@apache.com>

Reviewers: Chris Nauroth <cnauroth@apache.org>

Closes #1964 from symat/ZOOKEEPER-4649-branch-3.6
@eolivelli eolivelli merged commit 9a197f7 into apache:branch-3.6 Jan 19, 2023
desaikomal pushed a commit to linkedin/zookeeper that referenced this pull request Jun 17, 2023
desaikomal pushed a commit to linkedin/zookeeper that referenced this pull request Jun 17, 2023
…ache#1964)

Co-authored-by: Mate Szalay-Beko <symat@apache.com>
desaikomal pushed a commit to linkedin/zookeeper that referenced this pull request Jun 27, 2023
desaikomal pushed a commit to linkedin/zookeeper that referenced this pull request Jun 27, 2023