Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to Netty 4.1.100 in 2.20.x branch (CVE-2023-44487) #4638

Closed
fgrilli opened this issue Oct 26, 2023 · 3 comments
Closed

Upgrade to Netty 4.1.100 in 2.20.x branch (CVE-2023-44487) #4638

fgrilli opened this issue Oct 26, 2023 · 3 comments
Assignees
@debora-ito
Labels
feature-request A feature should be added or improved. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 10 days.

Comments

@fgrilli
Copy link

fgrilli commented Oct 26, 2023
edited
Loading

Describe the bug

Creating this ticket in hopes it gets attention from the team.
Could you please back port the Netty update to 2.2.0.x branch and release it?

For details, please see
#4584
#4619

Expected Behavior

For details, please see
#4584
#4619

Current Behavior

For details, please see
#4584
#4619

Reproduction Steps

For details, please see
#4584
#4619

Possible Solution

Update to Netty 4.1.100 in 2.20.x branch

Additional Information/Context

No response

AWS Java SDK version used

2.20.162

JDK version used

openjdk version "1.8.0_252" OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_252-b09)

Operating System and version

macOS 13.5.2
@fgrilli fgrilli added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 26, 2023
@debora-ito
Copy link
Member

@fgrilli we don't usually backport changes, because newer versions of the SDK 2.x are backwards-compatible to older versions of 2.x.

Is there any reason why you can't upgrade to 2.21.x?

@debora-ito debora-ito added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 10 days. feature-request A feature should be added or improved. and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 26, 2023
@debora-ito debora-ito self-assigned this Oct 26, 2023
@fgrilli
Copy link
Author

fgrilli commented Oct 27, 2023

Thanks, I guess we'll give a shot at 2.21.x. True, a minor version update shouldn't introduce breaking changes, although we experienced the opposite in the past with other libs.

@fgrilli fgrilli closed this as completed Oct 27, 2023
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@fgrilli fgrilli changed the title Upgrade to Netty 4.1.10 in 2.20.x branch (CVE-2023-44487) Upgrade to Netty 4.1.100 in 2.20.x branch (CVE-2023-44487) Nov 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@debora-ito debora-ito

Labels
feature-request A feature should be added or improved. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 10 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@debora-ito @fgrilli