Potential security vulnerability with Netty dependency #2385
Comments
@Antti-Paladin Thanks for sharing this with us. We'll look into upgrading.
@Antti-Paladin Thanks for this report and for helping us to keep Linkerd awesome! I've been testing an upgrade to Netty 4.1.47 and that has a dependency on Finagle 20.4.0 and its associated libraries. I'm held up by a finagle issue at the moment and will update this ticket when the upgrade is unblocked.
@cpretzer, sorry for personal ping but any news now that the finagle issue is resolved?
Hi @Antti-Paladin, thanks for reaching out. I'm testing the upgrade as we speak and hope to have it wrapped up today.
Awesome news @cpretzer, thank you! 💯
Thanks again @Antti-Paladin, this is fixed in #2386
Issue Type:
What happened:
There is a security vulnerability CVE-2020-11612 which concerns Netty 4.1.x before 4.1.46, and thus might affect Linkerd too (as of today the Netty version used seems to be 4.1.31 in master).
What you expected to happen:
It could be investigated if this causes a security vulnerability in Linkerd too. If so (and feasible), could update the Netty dependency to a version without the vulnerability.
Environment: