Skip to content
This repository has been archived by the owner on Mar 3, 2023. It is now read-only.

Updated Netty to 4.1.72 #3755

Merged
merged 2 commits into from
Jan 4, 2022
Merged

Updated Netty to 4.1.72 #3755

merged 2 commits into from
Jan 4, 2022

Conversation

nicknezis
Copy link
Contributor

Motivation
Netty versions prior to 4.1.71 are vulnerable to CVE-2021-43797
https://nvd.nist.gov/vuln/detail/CVE-2021-43797

Netty release notes:

Changes

  • Upgraded Netty libraries to 4.1.72.Final
  • Upgraded netty-tcnative-boringssl-static to 2.0.46.Final which is compatible with Netty 4.1.72.Final

@nicknezis nicknezis self-assigned this Jan 3, 2022
@nicknezis nicknezis force-pushed the nicknezis/netty-version-bump branch from 5f90edd to 9ebc403 Compare January 3, 2022 19:03
@nicknezis nicknezis marked this pull request as draft January 3, 2022 19:04
@nicknezis
Copy link
Contributor Author

Will merge once #3753 is merged.

@nicknezis
Copy link
Contributor Author

Update is similar to the one found here: apache/bookkeeper#2951

@nicknezis nicknezis changed the title Updated Netty to 4.1.71 Updated Netty to 4.1.72 Jan 4, 2022
@nicknezis nicknezis force-pushed the nicknezis/netty-version-bump branch from 9ebc403 to 9c53b45 Compare January 4, 2022 21:44
@nicknezis nicknezis marked this pull request as ready for review January 4, 2022 21:44
@nicknezis nicknezis requested a review from surahman January 4, 2022 21:44
@surahman
Copy link
Member

surahman commented Jan 4, 2022

I had a quick look through the issue trackers for 4.1.71 and 4.1.72 and there should be no issues with the upgrade.

@nicknezis nicknezis merged commit bbf8167 into master Jan 4, 2022
@nicknezis nicknezis deleted the nicknezis/netty-version-bump branch January 4, 2022 22:38
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants