Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shaded-asynchttpclient uses vulnerable version of netty #991

Open
ZachChuba opened this issue Feb 12, 2025 · 1 comment
Open

Shaded-asynchttpclient uses vulnerable version of netty #991

ZachChuba opened this issue Feb 12, 2025 · 1 comment

Comments

@ZachChuba
Copy link

ZachChuba commented Feb 12, 2025
edited
Loading

Shaded-asynchttpclient uses Netty : io.netty:netty-handler version 4.1.115.Final, which is vulnerable to CVE-2025-24970.

Netty-reactive-streams has resolved this issue in pull request #314. However, a new version of netty-reactive-streams has not been released yet. Once the updated version is available, the dependency should be upgraded accordingly on this project. shaded-asynchttpclient is currently vulnerable to this CVE.
@mkurz
Copy link
Member

mkurz commented Feb 13, 2025

Release is coming soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mkurz @ZachChuba