Skip to content

Commit d53289e

Browse files
committed
fix: bump netty from 4.1.127 to 4.1.135 to remediate CVE-2026-44249 and CVE-2026-45416
Bumps netty.version to 4.1.135.Final to fix: - CVE-2026-44249 (CVSS 8.1): IPv6 subnet ACL bypass - CVE-2026-45416 (CVSS 7.5): TLS ClientHello memory exhaustion DoS This also covers CVE-2026-42583 (CVSS 7.5, fixed in 4.1.131.Final).
1 parent 95962cb commit d53289e

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@
5656
<slf4j.version>1.7.36</slf4j.version>
5757
<slf4j-log4j12.version>1.7.36</slf4j-log4j12.version>
5858
<guava.version>33.3.1-jre</guava.version>
59-
<netty.version>4.1.127.Final</netty.version>
59+
<netty.version>4.1.135.Final</netty.version>
6060
<netty-tcnative.artifact>netty-tcnative-boringssl-static</netty-tcnative.artifact>
6161
<netty-tcnative.version>2.0.70.Final</netty-tcnative.version>
6262
<metrics.version>3.2.6</metrics.version>

0 commit comments

Comments
 (0)