Description
There are a few netty related CVEs that are addressed in io.netty v4.2.5.Final.
This is a transitive dependency pulled in via the AWS SDK artifacts. Unfortunately, the version currently be brought in by the SDK is currently 4.1.126. https://github.com/aws/aws-sdk-java-v2/blob/19720d9f043281586459b53ac718e2a5bd3786c9/pom.xml#L120
We need to keep an eye on the version bumps of the SDK artifacts and upgrade our dependency when AWS upgrades their version of netty.
Update: It looks like v2.32.25 of the aws SDK will correct the CVEs
https://github.com/aws/aws-sdk-java-v2/releases/tag/2.32.25
Including this "high" CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-55163
Description
There are a few netty related CVEs that are addressed in io.netty v4.2.5.Final.
This is a transitive dependency pulled in via the AWS SDK artifacts. Unfortunately, the version currently be brought in by the SDK is currently 4.1.126. https://github.com/aws/aws-sdk-java-v2/blob/19720d9f043281586459b53ac718e2a5bd3786c9/pom.xml#L120
We need to keep an eye on the version bumps of the SDK artifacts and upgrade our dependency when AWS upgrades their version of netty.
Update: It looks like v2.32.25 of the aws SDK will correct the CVEs
https://github.com/aws/aws-sdk-java-v2/releases/tag/2.32.25
Including this "high" CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-55163