Skip to content

Update to netty version 4.2.12.Final to address CVEs#1340

Merged
labkey-susanh merged 2 commits intorelease26.4-SNAPSHOTfrom
26.4_fb_nettyVersionUpdate
Apr 16, 2026
Merged

Update to netty version 4.2.12.Final to address CVEs#1340
labkey-susanh merged 2 commits intorelease26.4-SNAPSHOTfrom
26.4_fb_nettyVersionUpdate

Conversation

@labkey-susanh
Copy link
Copy Markdown
Contributor

@labkey-susanh labkey-susanh commented Apr 15, 2026

Rationale

We've got some CVE reports coming from an older netty version

Changes

  • Update to the latest version of netty

@labkey-susanh labkey-susanh requested a review from a team April 15, 2026 19:58
@labkey-susanh labkey-susanh self-assigned this Apr 15, 2026
labkey-jeckels
labkey-jeckels approved these changes Apr 15, 2026
View reviewed changes
Comment thread gradle.properties Outdated

# Netty - transitive dependency via azure-core-http-netty; force for CVE-2025-67735
nettyVersion=4.2.8.Final
# Netty - transitive dependency via azure-core-http-netty; force for CVE-2025-67735, CVE-2026-33871, CVE-2026-33870
Copy link
Copy Markdown
Contributor

@labkey-jeckels labkey-jeckels Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to keep a running list of Netty CVEs here? We could just call out the one(s) that prompted the bump to the current version

@labkey-susanh labkey-susanh merged commit a10d8e6 into release26.4-SNAPSHOT Apr 16, 2026
6 of 7 checks passed
@labkey-susanh labkey-susanh deleted the 26.4_fb_nettyVersionUpdate branch April 16, 2026 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@labkey-jeckels labkey-jeckels labkey-jeckels approved these changes

Assignees

@labkey-susanh labkey-susanh

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@labkey-susanh @labkey-jeckels