Skip to content

Update Netty to 4.1.124#6344

Closed
mrdziuban wants to merge 2 commits intoaws:masterfrom
mrdziuban:patch-1
Closed

Update Netty to 4.1.124#6344
mrdziuban wants to merge 2 commits intoaws:masterfrom
mrdziuban:patch-1

Conversation

@mrdziuban
Copy link
Contributor

@mrdziuban mrdziuban commented Aug 13, 2025

Motivation and Context

This resolves CVE-2025-55163 (GHSA-prj3-ccx8-p6x4)

Modifications

Upgrades Netty to 4.1.124.Final

Testing

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@mrdziuban mrdziuban requested a review from a team as a code owner August 13, 2025 21:37
@liustve liustve mentioned this pull request Aug 14, 2025
Merged
liustve added a commit to aws-observability/aws-otel-java-instrumentation that referenced this pull request Aug 14, 2025
@liustve @thpierce
Add Netty BOM (#1148)
df7bb31 
*Description of changes:*
Builds are failing image scanning for `CVE-2025-55163` which recently
was added as a vulnerability.
GHSA-prj3-ccx8-p6x4

Should revert this once we upgrade our aws-sdk dependency to version
that has this PR added:
aws/aws-sdk-java-v2#6344

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Thomas Pierce <thp@amazon.com>
anahatAWS pushed a commit to anahatAWS/aws-otel-java-instrumentation that referenced this pull request Aug 14, 2025
@liustve @thpierce @anahatAWS
Add Netty BOM (aws-observability#1148)
529bebe 
*Description of changes:*
Builds are failing image scanning for `CVE-2025-55163` which recently
was added as a vulnerability.
GHSA-prj3-ccx8-p6x4

Should revert this once we upgrade our aws-sdk dependency to version
that has this PR added:
aws/aws-sdk-java-v2#6344

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Thomas Pierce <thp@amazon.com>
@L-Applin
Copy link
Contributor

L-Applin commented Aug 18, 2025

Closed in favour of #6351

Thanks for opening this, I am sorry I didn't notice this PR before creating mine.

@L-Applin L-Applin closed this Aug 18, 2025
@liamness liamness mentioned this pull request Aug 21, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@OmarRad OmarRad OmarRad approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mrdziuban @L-Applin @OmarRad