Upgrade Netty Reactive Streams to 2.0.6 #15990

merlimat · 2022-06-08T23:28:00Z

Motivation

https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693

Upgrade from 2.0.4 to 2.0.6

doc-not-needed

https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693 Upgrade from 2.0.4 to 2.0.6

### Motivation https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693 Upgrade from 2.0.4 to 2.0.6 (cherry picked from commit 3d7634a)

https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693 Upgrade from 2.0.4 to 2.0.6 (cherry picked from commit 4fca9d0)

--- *Motivation* We upgrade the Netty Reactive Stream in the PR apache#15990, but the asynchttpclient still uses it. We should use our project dependency to address the CVE.

* Exclude the Netty Reactive Stream from asynchttpclient --- *Motivation* We upgrade the Netty Reactive Stream in the PR #15990, but the asynchttpclient still uses it. We should use our project dependency to address the CVE. * Add the related dependency to the sub module

* Exclude the Netty Reactive Stream from asynchttpclient --- *Motivation* We upgrade the Netty Reactive Stream in the PR #15990, but the asynchttpclient still uses it. We should use our project dependency to address the CVE. * Add the related dependency to the sub module (cherry picked from commit f9e89ed)

* Exclude the Netty Reactive Stream from asynchttpclient --- *Motivation* We upgrade the Netty Reactive Stream in the PR apache#15990, but the asynchttpclient still uses it. We should use our project dependency to address the CVE. * Add the related dependency to the sub module (cherry picked from commit f9e89ed) (cherry picked from commit b5479ee)

* Exclude the Netty Reactive Stream from asynchttpclient --- *Motivation* We upgrade the Netty Reactive Stream in the PR apache#15990, but the asynchttpclient still uses it. We should use our project dependency to address the CVE. * Add the related dependency to the sub module

* Exclude the Netty Reactive Stream from asynchttpclient --- *Motivation* We upgrade the Netty Reactive Stream in the PR #15990, but the asynchttpclient still uses it. We should use our project dependency to address the CVE. * Add the related dependency to the sub module (cherry picked from commit f9e89ed)

merlimat added area/security release/2.9.3 release/2.10.2 labels Jun 8, 2022

merlimat added this to the 2.11.0 milestone Jun 8, 2022

merlimat requested review from BewareMyPower, codelipenghui, freeznet, hangc0276 and hezhangjian June 8, 2022 23:28

merlimat self-assigned this Jun 8, 2022

merlimat marked this pull request as ready for review June 8, 2022 23:28

This comment was marked as outdated.

Sign in to view

This comment was marked as duplicate.

Sign in to view

github-actions bot added doc-label-missing labels Jun 8, 2022

merlimat added doc-not-needed Your PR changes do not impact docs and removed doc-label-missing labels Jun 8, 2022

Upgrade Netty Reactive Streams to 2.0.6

27668ba

merlimat force-pushed the netty-reactive-streams branch from 4e14e4d to 27668ba Compare June 8, 2022 23:39

apache deleted a comment from github-actions bot Jun 8, 2022

hezhangjian approved these changes Jun 9, 2022

View reviewed changes

codelipenghui approved these changes Jun 9, 2022

View reviewed changes

hezhangjian merged commit 3d7634a into apache:master Jun 9, 2022

merlimat added a commit that referenced this pull request Jun 9, 2022

Upgrade Netty Reactive Streams to 2.0.6 (#15990)

4fca9d0

https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693 Upgrade from 2.0.4 to 2.0.6

mattisonchao pushed a commit that referenced this pull request Jun 11, 2022

Upgrade Netty Reactive Streams to 2.0.6 (#15990)

88c5681

### Motivation https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693 Upgrade from 2.0.4 to 2.0.6 (cherry picked from commit 3d7634a)

mattisonchao added the cherry-picked/branch-2.9 Archived: 2.9 is end of life label Jun 11, 2022

nicoloboschi pushed a commit to datastax/pulsar that referenced this pull request Jun 13, 2022

Upgrade Netty Reactive Streams to 2.0.6 (apache#15990)

2889092

https://nvd.nist.gov/vuln/detail/CVE-2019-20444#range-6908693 Upgrade from 2.0.4 to 2.0.6 (cherry picked from commit 4fca9d0)

zymap mentioned this pull request Jul 1, 2022

Exclude the Netty Reactive Stream from asynchttpclient #16312

Merged

1 task

codelipenghui added the cherry-picked/branch-2.10 label Jul 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade Netty Reactive Streams to 2.0.6 #15990

Upgrade Netty Reactive Streams to 2.0.6 #15990

Uh oh!

merlimat commented Jun 8, 2022 •

edited by github-actions bot

Loading

Uh oh!

This comment was marked as outdated.

This comment was marked as duplicate.

This comment was marked as duplicate.

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Upgrade Netty Reactive Streams to 2.0.6 #15990

Upgrade Netty Reactive Streams to 2.0.6 #15990

Uh oh!

Conversation

merlimat commented Jun 8, 2022 • edited by github-actions bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Motivation

Uh oh!

This comment was marked as outdated.

This comment was marked as duplicate.

This comment was marked as duplicate.

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

merlimat commented Jun 8, 2022 •

edited by github-actions bot

Loading