Upgrade Netty to 4.1.127.Final to fix CVEs

Open lhotari opened this issue 6 months ago • 0 comments

Motivation

Keeping Netty up-to-date with bug fixes as well as addresses CVE-2025-58057 and CVE-2025-58056 in Netty. BookKeeper users aren't impacted, but we need to use dependencies that don't contain known CVEs.

Netty 4.1.127.Final release notes
Netty 4.1.126.Final release notes
Netty 4.1.124.Final release notes
Netty 4.1.123.Final release notes
Netty 4.1.122.Final release notes
https://github.com/netty/netty-tcnative/compare/netty-tcnative-parent-2.0.70.Final...netty-tcnative-parent-2.0.73.Final

Changes

Upgrade Netty to 4.1.127.Final and tcnative to 2.0.73.Final

Jun 09 '25 14:06 lhotari