Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address netty vulnerability: CVE-2024-29025 #6242

Closed
5 of 7 tasks
TharmiganK opened this issue Mar 27, 2024 · 0 comments · Fixed by ballerina-platform/module-ballerinax-jaeger#164
Closed
5 of 7 tasks

Address netty vulnerability: CVE-2024-29025 #6242

TharmiganK opened this issue Mar 27, 2024 · 0 comments · Fixed by ballerina-platform/module-ballerinax-jaeger#164
Assignees
@Bhashinee @dilanSachi @NipunaMadhushan @TharmiganK
Labels
module/grpc module/http module/tcp module/udp module/websocket Team/PCM Protocol connector packages related issues Type/Task
Milestone
2201.9.0

Comments

@TharmiganK
Copy link
Contributor

TharmiganK commented Mar 27, 2024
edited
Loading

Description:

$ Subject

Reference: https://www.cve.org/CVERecord?id=CVE-2024-29025

Note: This is only for io.netty:netty-codec-http library

Describe your task(s)

Need to update the netty version to 4.1.108-Final and netty-tcnative version to 2.0.65.Final

  • udp (not affected - updating to avoid conflicting jars)
  • tcp (not affected - updating to avoid conflicting jars)
  • http (affected)
  • websocket (affected)
  • grpc (affected)
  • observei (seems like a test dependency - need to check)
  • jaeger (not affected - updating to avoid conflicting jars)
@TharmiganK TharmiganK mentioned this issue Mar 27, 2024
Closed
5 tasks
This was referenced Mar 28, 2024
Closed
Closed
Closed
@TharmiganK TharmiganK added this to the 2201.9.0 milestone Apr 5, 2024
@TharmiganK TharmiganK mentioned this issue Apr 25, 2024
Merged
@dilanSachi dilanSachi mentioned this issue Jun 17, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Bhashinee Bhashinee

@dilanSachi dilanSachi

@NipunaMadhushan NipunaMadhushan

@TharmiganK TharmiganK

Labels
module/grpc module/http module/tcp module/udp module/websocket Team/PCM Protocol connector packages related issues Type/Task
Projects
None yet
Milestone
2201.9.0
Development

Successfully merging a pull request may close this issue.

Refractor module along with opentelemetry version update NipunaMadhushan/module-ballerinax-jaeger
4 participants
@Bhashinee @dilanSachi @NipunaMadhushan @TharmiganK