Skip to content

Upgrade Netty to 4.1.127.Final to fix CVEs#4616

Closed
lhotari wants to merge 1 commit into
apache:masterfrom
lhotari:lh-netty-4.1.122
Closed

Upgrade Netty to 4.1.127.Final to fix CVEs#4616
lhotari wants to merge 1 commit into
apache:masterfrom
lhotari:lh-netty-4.1.122

Conversation

@lhotari

@lhotari lhotari commented Jun 9, 2025

Copy link
Copy Markdown
Member

Motivation

Keeping Netty up-to-date with bug fixes as well as addresses CVE-2025-58057 and CVE-2025-58056 in Netty. BookKeeper users aren't impacted, but we need to use dependencies that don't contain known CVEs.

Changes

  • Upgrade Netty to 4.1.127.Final and tcnative to 2.0.73.Final

@lhotari lhotari changed the title Upgrade Netty to 4.1.122.Final Upgrade Netty to 4.1.124.Final Aug 25, 2025
@lhotari lhotari requested review from StevenLuMT and zymap August 25, 2025 11:10
@lhotari lhotari changed the title Upgrade Netty to 4.1.124.Final Upgrade Netty to 4.1.127.Final to fix CVEs Sep 8, 2025
@zymap

zymap commented Jan 12, 2026

Copy link
Copy Markdown
Member

Fixed by: #4699

@merlimat merlimat closed this Mar 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants