netty-handler version #1313

Closed
coltonfreeman26 opened this issue Jun 27, 2023 · 3 comments
Labels: blocked, security (Pull requests that address a security vulnerability)

coltonfreeman26 commented Jun 27, 2023

Project board link

Hello all,
Are there any plans to update the version of netty-handler currently being used, 4.1.70.Final? Our scan tools have found a vulnerability with the current version: https://nvd.nist.gov/vuln/detail/CVE-2023-34462
This has been fixed in 4.1.94.Final.

┆Issue is synchronized with this Jira Story by Unito
┆Issue Number: REAP-50

@Miles-Garnsey
Contributor

Hi @coltonfreeman26, can you please give us some details on where you're seeing that dependency and what versions of the various applications you're running?

Cassandra trunk is on 4.1.96, which would address your concerns I think.

Miles-Garnsey added the security (Pull requests that address a security vulnerability) label Oct 2, 2023
Miles-Garnsey moved this to Blocked/Stale in K8ssandra Oct 2, 2023

@coltonfreeman26
Author

Good morning,
Of course. We are currently using your thelastpickle/cassandra-reaper:3.3.4 as a builder image. Our scan tools (Twistlock and Anchore) found this finding. The path our scan tools are showing is /usr/local/lib/cassandra-reaper.jar. There are a handful of findings ranging from low to high. I can share the list here if you would like.

@bschoening
Contributor

@adejanovski this appears resolved with #1457
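
To confirm a scanner finding like the one in this thread, the netty version bundled inside a fat jar can be read from the jar itself and compared with the fixed release. This is an added example, not code from the Reaper project. It assumes the jar keeps the Maven `META-INF/maven/io.netty/<artifact>/pom.properties` records of its bundled dependencies (build filters can strip them), and the function names and the sample jar are constructed for illustration.

```python
import io
import re
import zipfile

FIXED = (4, 1, 94)  # 4.1.94.Final: release the issue reports as fixing CVE-2023-34462
POM_RE = re.compile(r"^META-INF/maven/io\.netty/([^/]+)/pom\.properties$")


def parse_version(text):
    """Turn '4.1.70.Final' into (4, 1, 70); the qualifier is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised netty version: {text!r}")
    return tuple(int(p) for p in m.groups())


def bundled_netty(jar):
    """Map artifactId -> version for every io.netty artifact recorded in the jar."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = POM_RE.match(name)
            if not m:
                continue
            props = dict(
                line.split("=", 1)
                for line in zf.read(name).decode("utf-8").splitlines()
                if "=" in line and not line.startswith("#")
            )
            if "version" in props:
                found[m.group(1)] = props["version"].strip()
    return found


def outdated(jar, fixed=FIXED):
    """Return the bundled io.netty artifacts older than the fixed release."""
    return {a: v for a, v in bundled_netty(jar).items() if parse_version(v) < fixed}


def sample_jar(version):
    """Constructed sample: an in-memory jar carrying one netty-handler record."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/io.netty/netty-handler/pom.properties",
                    f"#Generated by Maven\ngroupId=io.netty\nartifactId=netty-handler\nversion={version}\n")
        zf.writestr("io/netty/handler/Placeholder.class", b"")  # hypothetical entry
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(outdated(sample_jar("4.1.70.Final")))  # constructed input, not the real image
```

`outdated()` accepts a file path as well, so it can be pointed at the jar path a scanner reports, such as the `/usr/local/lib/cassandra-reaper.jar` mentioned above.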
