Issue2828

classification

Title:	Update netty JARs to 4.1.45
Type:	security	Severity:	normal
Components:	Library	Versions:	Jython 2.7.2
		Milestone:	Jython 2.7.2

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	jeff.allen	Nosy List:	jeff.allen
Priority:	normal	Keywords:

Created on 2019-11-06.20:36:19 by jeff.allen, last changed 2020-02-23.21:48:30 by jeff.allen.

Messages
msg12764 (view)	Author: Jeff Allen (jeff.allen)	Date: 2019-11-06.20:36:19
We bundle Netty version 4.1.24.Final since 2.7.1, affected by https://nvd.nist.gov/vuln/detail/CVE-2019-16869 At the time of writing, 4.1.43 seems to be current. https://mvnrepository.com/artifact/io.netty (Reported by Benoît Cantin.)
msg12930 (view)	Author: Jeff Allen (jeff.allen)	Date: 2020-01-26.18:27:37
Choosing (currently testing with) version 4.1.45
msg12940 (view)	Author: Jeff Allen (jeff.allen)	Date: 2020-01-26.22:05:05
JARs updated at https://hg.python.org/jython/rev/ccd1215b3d0e

History
Date	User	Action	Args
2020-02-23 21:48:30	jeff.allen	set	status: pending -> closed
2020-01-26 22:05:05	jeff.allen	set	status: open -> pending assignee: jeff.allen resolution: accepted -> fixed messages: + msg12940
2020-01-26 18:27:37	jeff.allen	set	resolution: accepted messages: + msg12930 title: Upgrade netty from 4.1.24 -> Update netty JARs to 4.1.45
2019-11-06 20:36:20	jeff.allen	create