[jira] [Created] (FLINK-8170) Security Problems with Netty version 4.0.27.Final


Shang Yuanchun (Jira)
Jens Oberender created FLINK-8170:
-------------------------------------

             Summary: Security Problems with Netty version 4.0.27.Final
                 Key: FLINK-8170
                 URL: https://issues.apache.org/jira/browse/FLINK-8170
             Project: Flink
          Issue Type: Bug
          Components: Core
            Reporter: Jens Oberender


I did an OWASP dependency check on my flink project and it reports two problems for netty version 4.0.27.Final:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4970

According to #FLINK-3151 there was a memory problem with newer versions.
I couldn't find a reference to that problem in the netty issues. Perhaps it's already fixed with newer versions (netty 4.0.27 was released in Apr, 2015).
Unfortunately I'm not familiar enough with flink yet to build a setup to reproduce the memory problem. Can anyone try it with a newer version of netty (4.0.53.Final is the latest of 4.0)?

I came across an article about finding netty memory leaks with ByteBuf, perhaps that can help:
https://logz.io/blog/netty-bytebuf-memory-leak/



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
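As an added example (not part of the Jira issue and not Flink's own build file), the following hypothetical pom.xml shows how a downstream Maven project can both reproduce the reporter's OWASP dependency check and force the transitive netty dependency to the 4.0.53.Final release the issue mentions. The Flink and plugin versions, the `io.netty:netty-all` coordinates and the CVSS threshold are assumptions; the override must still be validated against the memory problem tracked in FLINK-3151 before being relied on.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Hypothetical downstream pom.xml (added example, not Flink's build). -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>flink-job</artifactId>
  <version>1.0-SNAPSHOT</version>

  <properties>
    <!-- Assumed pin: the newest 4.0.x release named in the issue. -->
    <netty.version>4.0.53.Final</netty.version>
  </properties>

  <dependencyManagement>
    <dependencies>
      <!-- Overrides the transitive netty version that flink-core pulls in
           (assumed coordinates: io.netty:netty-all). dependencyManagement
           wins over the transitive version without declaring a direct dependency. -->
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-all</artifactId>
        <version>${netty.version}</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>org.apache.flink</groupId>
      <artifactId>flink-core</artifactId>
      <!-- Assumed Flink version; use the one your project builds against. -->
      <version>1.3.2</version>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <!-- Runs the same OWASP Dependency-Check the reporter used, on every build. -->
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <!-- Assumed plugin version. -->
        <version>3.0.2</version>
        <configuration>
          <!-- Fail the build on any finding with CVSS >= 7 so a flagged
               netty cannot ship unnoticed (threshold is an assumption). -->
          <failBuildOnCVSS>7</failBuildOnCVSS>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

Run `mvn dependency:tree -Dincludes=io.netty` to confirm that the override actually replaces the 4.0.27.Final version resolved through Flink, then `mvn verify` to run the dependency check; if the check still reports CVE-2015-2156 or CVE-2016-4970, another artifact (for example a shaded Flink jar bundling its own netty) is the source and the override alone does not cover it.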