Skip to content

HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295 #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
apurtell merged 1 commit into from
Apr 2, 2021
Merged

HBASE-25728 [hbase-thirdparty] Upgrade Netty library to >= 4.1.60 due to security vulnerability CVE-2021-21295 #48

apurtell merged 1 commit into from
Apr 2, 2021

Conversation

@apurtell
Copy link
Contributor

@apurtell apurtell commented Apr 2, 2021
edited
Loading

We don't have a direct exposure to this vulnerability but vulnerability scanners aware of the CVE database may flag it.

@Apache-HBase
Copy link

Apache-HBase commented Apr 2, 2021

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 1m 19s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-0 ⚠️ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ master Compile Tests _
+1 💚 mvninstall 0m 46s master passed
+1 💚 compile 0m 10s master passed
+1 💚 javadoc 0m 11s master passed
_ Patch Compile Tests _
+1 💚 mvninstall 0m 23s the patch passed
+1 💚 compile 0m 9s the patch passed
+1 💚 javac 0m 9s the patch passed
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 xml 0m 0s The patch has no ill-formed XML file.
+1 💚 javadoc 0m 5s the patch passed
_ Other Tests _
+1 💚 unit 0m 32s root in the patch passed.
+1 💚 asflicense 0m 7s The patch does not generate ASF License warnings.
3m 50s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-Thirdparty-PreCommit/job/PR-48/1/artifact/yetus-precommit-check/output/Dockerfile
GITHUB PR #48
Optional Tests dupname asflicense javac javadoc unit xml compile
uname Linux 18c6ae609af7 5.4.0-1025-aws #25~18.04.1-Ubuntu SMP Fri Sep 11 12:03:04 UTC 2020 x86_64 GNU/Linux
Build tool maven
git revision master / f272e6b
Default Java Oracle Corporation-1.8.0_282-b08
Test Results https://ci-hadoop.apache.org/job/HBase/job/HBase-Thirdparty-PreCommit/job/PR-48/1/testReport/
Max. process+thread count 401 (vs. ulimit of 1000)
modules C: . U: .
Console output https://ci-hadoop.apache.org/job/HBase/job/HBase-Thirdparty-PreCommit/job/PR-48/1/console
versions git=2.20.1
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

HorizonNet
HorizonNet approved these changes Apr 2, 2021
View reviewed changes
Copy link
Contributor

@HorizonNet HorizonNet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Any specific reason not going to 4.1.63.Final directly?

@apurtell
Copy link
Contributor Author

apurtell commented Apr 2, 2021

No reason I suppose, let me update...

@apurtell
Copy link
Contributor Author

apurtell commented Apr 2, 2021

Updated: <netty.version>4.1.63.Final</netty.version>

@HorizonNet
Copy link
Contributor

HorizonNet commented Apr 2, 2021

Thanks. +1 stands, pending QA.

@Apache-HBase
Copy link

Apache-HBase commented Apr 2, 2021

🎊 +1 overall

Vote Subsystem Runtime Comment
+0 🆗 reexec 0m 37s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-0 ⚠️ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ master Compile Tests _
+1 💚 mvninstall 0m 22s master passed
+1 💚 compile 0m 10s master passed
+1 💚 javadoc 0m 5s master passed
_ Patch Compile Tests _
+1 💚 mvninstall 0m 23s the patch passed
+1 💚 compile 0m 10s the patch passed
+1 💚 javac 0m 10s the patch passed
+1 💚 whitespace 0m 0s The patch has no whitespace issues.
+1 💚 xml 0m 1s The patch has no ill-formed XML file.
+1 💚 javadoc 0m 4s the patch passed
_ Other Tests _
+1 💚 unit 0m 29s root in the patch passed.
+1 💚 asflicense 0m 4s The patch does not generate ASF License warnings.
2m 33s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-Thirdparty-PreCommit/job/PR-48/2/artifact/yetus-precommit-check/output/Dockerfile
GITHUB PR #48
Optional Tests dupname asflicense javac javadoc unit xml compile
uname Linux a1b9c16d88f1 5.4.0-1025-aws #25~18.04.1-Ubuntu SMP Fri Sep 11 12:03:04 UTC 2020 x86_64 GNU/Linux
Build tool maven
git revision master / f272e6b
Default Java Oracle Corporation-1.8.0_282-b08
Test Results https://ci-hadoop.apache.org/job/HBase/job/HBase-Thirdparty-PreCommit/job/PR-48/2/testReport/
Max. process+thread count 412 (vs. ulimit of 1000)
modules C: . U: .
Console output https://ci-hadoop.apache.org/job/HBase/job/HBase-Thirdparty-PreCommit/job/PR-48/2/console
versions git=2.20.1
Powered by Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

@apurtell apurtell merged commit 14a2695 into apache:master Apr 2, 2021
@apurtell apurtell deleted the HBASE-25728 branch April 2, 2021 18:32
@apurtell
Copy link
Contributor Author

apurtell commented Apr 2, 2021

Thanks @HorizonNet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HorizonNet HorizonNet HorizonNet approved these changes

@Apache9 Apache9 Awaiting requested review from Apache9

@busbey busbey Awaiting requested review from busbey

@petersomogyi petersomogyi Awaiting requested review from petersomogyi

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@apurtell @Apache-HBase @HorizonNet