Current version 3.7.0 has 1 CVE: CVE-2025-25193

### Expected behavior
No security vulnerabilities should be present in the current version of Application Insights.

### Actual behavior
The current version of Application Insights Java agent uses a vulnerable version of netty-common (4.1.117.Final) which contains CVE-2024-12798, allowing potential arbitrary code execution through JaninoEventEvaluator component.

### To Reproduce
I generated a base image using Application Insights and, upon scanning the image with Trivy, I found this vulnerability.

### System information
Please provide the following information:
 - SDK Version:
 - OS type and version: Linux, redhat
 - Application Server type and version (if applicable): 3.7.0
 - Using spring-boot? yes
 - Additional relevant libraries (with version, if applicable): netty-common

### Screenshots

![Image](https://github.com/user-attachments/assets/05258207-64ef-4773-920d-b818a0d57544)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Current version 3.7.0 has 1 CVE: CVE-2025-25193 #4086

Expected behavior

Actual behavior

To Reproduce

System information

Screenshots

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Current version 3.7.0 has 1 CVE: CVE-2025-25193 #4086

Description

Expected behavior

Actual behavior

To Reproduce

System information

Screenshots

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions