Potential security vulnerability with Netty dependency #2385
Comments
|
@Antti-Paladin Thanks for sharing this with us. We'll look into upgrading. |
|
@Antti-Paladin Thanks for this report and for helping us to keep Linkerd awesome! I've been testing an upgrade to Netty 4.1.47 and that has a dependency on Finagle 20.4.0 and its associated libraries. I'm held up by a finagle issue at the moment and will update this ticket when the upgrade is unblocked. |
|
@cpretzer, sorry for personal ping but any news now that the finagle issue is resolved? |
|
Hi @Antti-Paladin , thanks for reaching out. I'm testing the upgrade as we speak and hope to have it wrapped up today. |
|
Awesome news @cpretzer, thank you! 💯 |
|
Thanks again @Antti-Paladin this is fixed in #2386 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Type:
What happened:
There is a security vulnerability CVE-2020-11612 which concerns Netty 4.1.x before 4.1.46, and thus might affect Linkerd too (as of today the Netty version used seems to be 4.1.31 in master).
What you expected to happen:
It could be investigated if this causes a security vulnerability in Linkerd too. If so (and feasible), could update the Netty dependency to a version without the vulnerability.
Environment:
The text was updated successfully, but these errors were encountered: