[GHSA-rwm7-x88c-3g2p] Netty epoll transport denial of service via RST on half-closed TCP connection #7676
Hi there @chrisvest! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Pull request overview
Updates the OSV advisory for GHSA-rwm7-x88c-3g2p (Netty epoll transport DoS) to more precisely represent which Netty versions are affected, aligning the advisory’s version range with the note that only 4.2.x < 4.2.13.Final is impacted.
Changes:
- Adjusts the affected range start from a blanket `introduced: "0"` to a specific 4.2.x introduction point.
- Adds `database_specific.last_known_affected_version_range` to explicitly capture the last known affected release.
Submitted this because #7616 looks like it's not getting merged?
Updates
Comments
Only 4.2.x versions less than 4.2.13 are affected. No 4.1.x version is affected.