Skip to content

[Aikido] Fix 29 security issues in netty-codec-http, spring-core, spring-webmvc and 13 more #295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
aikido-autofix wants to merge 1 commit into from
Closed

[Aikido] Fix 29 security issues in netty-codec-http, spring-core, spring-webmvc and 13 more #295

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 20 additions & 2 deletions agent/build.gradle
View file
Open in desktop
Copy link
Copy Markdown

@aikido-pr-checks aikido-pr-checks Bot May 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4 Open source vulnerabilities detected - medium severity
Aikido detected 4 vulnerabilities across 1 package, it includes 2 medium and 2 low vulnerabilities.

Details

Remediation Aikido suggests bumping the vulnerable packages to a safe version.

Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info

Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,27 @@ dependencies {
// Compile only for interface types :
compileOnly 'jakarta.servlet:jakarta.servlet-api:6.1.0' // spring 3 -> jakarta
compileOnly 'javax.servlet:javax.servlet-api:4.0.1' // spring 2 -> javax
compileOnly 'io.projectreactor.netty:reactor-netty-http:1.2.1' // For Spring Webflux
compileOnly 'io.projectreactor.netty:reactor-netty-http:1.2.8' // For Spring Webflux
compileOnly 'io.javalin:javalin:6.4.0'
compileOnly 'org.springframework:spring-web:5.3.20'
compileOnly 'org.springframework:spring-web:6.2.11'

// Version constraints for transitive dependencies
constraints {
implementation 'io.netty:netty-codec-http:4.1.133.Final'
implementation 'org.springframework:spring-core:6.2.11'
implementation 'org.springframework:spring-webmvc:6.2.11'
implementation 'org.springframework:spring-beans:6.2.11'
implementation 'org.springframework:spring-expression:6.2.11'
implementation 'org.springframework:spring-context:6.2.11'
implementation 'io.netty:netty-codec-dns:4.1.133.Final'
implementation 'org.eclipse.jetty:jetty-server:12.0.33'
implementation 'org.eclipse.jetty:jetty-http:12.0.33'
implementation 'io.netty:netty-codec:4.1.133.Final'
implementation 'io.netty:netty-codec-http2:4.1.133.Final'
implementation 'io.netty:netty-handler:4.1.118.Final'
implementation 'io.netty:netty-handler-proxy:4.1.133.Final'
implementation 'io.netty:netty-common:4.1.118.Final'
}
}

shadowJar {
Expand Down
Loading