Hi, my organization has a very low risk tolerance policy, and currently there is no Pulsar version available that addresses the most recent Netty high-severity vulnerability GHSA-4g8c-wm8x-jfhw. The Netty version is already upgraded in master, but we're waiting for a 4.0.3 release with the patch included. Unfortunately, my organization cares more about the existence of a vulnerability than the likelihood and impact of exploitability. Thanks.
Replies: 1 comment
@ZachChuba The releases that include Netty 4.1.118 with the fix for CVE-2025-24970 are currently in the release voting stage. Please participate in validating the release candidate versions. This is also a valuable way to contribute to the Apache Pulsar OSS project.

These are the release voting threads on the dev mailing list:

The instructions to join the dev mailing list are available on the contact page.

I'll proceed with the releases as soon as the mandatory 3 binding votes are reached. In the Apache Pulsar project, we follow the ASF release policy and its release approval.