Issue2828

classification
Title: Update netty JARs to 4.1.45
Type: security Severity: normal
Components: Library Versions: Jython 2.7.2
Milestone: Jython 2.7.2
process
Status: pending Resolution: fixed
Dependencies: Superseder:
Assigned To: jeff.allen Nosy List: jeff.allen
Priority: normal Keywords:

Created on 2019-11-06.20:36:19 by jeff.allen, last changed 2020-01-26.22:05:05 by jeff.allen.

Messages
msg12764 (view) Author: Jeff Allen (jeff.allen) Date: 2019-11-06.20:36:19
We bundle Netty version 4.1.24.Final since 2.7.1, affected by https://nvd.nist.gov/vuln/detail/CVE-2019-16869  At the time of writing, 4.1.43 seems to be current.

https://mvnrepository.com/artifact/io.netty

(Reported by BenoƮt Cantin.)
msg12930 (view) Author: Jeff Allen (jeff.allen) Date: 2020-01-26.18:27:37
Choosing (currently testing with) version 4.1.45
msg12940 (view) Author: Jeff Allen (jeff.allen) Date: 2020-01-26.22:05:05
JARs updated at https://hg.python.org/jython/rev/ccd1215b3d0e
History
Date User Action Args
2020-01-26 22:05:05jeff.allensetstatus: open -> pending
assignee: jeff.allen
resolution: accepted -> fixed
messages: + msg12940
2020-01-26 18:27:37jeff.allensetresolution: accepted
messages: + msg12930
title: Upgrade netty from 4.1.24 -> Update netty JARs to 4.1.45
2019-11-06 20:36:20jeff.allencreate