Skip to content

Update Netty to 4.1.126 #6398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 5, 2025
Merged

Update Netty to 4.1.126 #6398

merged 3 commits into from
Sep 5, 2025

Conversation

@mrdziuban
Copy link
Contributor

Motivation and Context

This resolves CVE-2025-58056.

Modifications

Upgrades Netty to 4.1.126.Final and netty-open-ssl-version to 2.0.73.Final.

Testing

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@mrdziuban mrdziuban requested a review from a team as a code owner September 4, 2025 20:06
@mrdziuban
Copy link
Contributor Author

@L-Applin would you mind taking a look (or tagging someone else we should)? Thanks in advance!

zoewangg
zoewangg approved these changes Sep 4, 2025
View reviewed changes
Copy link
Contributor

@zoewangg zoewangg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@alextwoods alextwoods enabled auto-merge September 4, 2025 20:15
@zoewangg
Copy link
Contributor

zoewangg commented Sep 4, 2025

Running tests now

@ezhang6811 ezhang6811 mentioned this pull request Sep 5, 2025
Merged
@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 5, 2025

Quality Gate Passed Quality Gate passed

Issues
19 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@zoewangg zoewangg added the no-api-surface-area-change Indicate there is no API surface area change and thus API surface area review is not required label Sep 5, 2025
@alextwoods alextwoods added this pull request to the merge queue Sep 5, 2025
Merged via the queue into aws:master with commit 97976b7 Sep 5, 2025
17 of 35 checks passed
ezhang6811 added a commit to aws-observability/aws-otel-java-instrumentation that referenced this pull request Sep 5, 2025
@ezhang6811
bump Netty to 4.1.126 (#1173)
fb742d5 
*Issue #, if available:*

*Description of changes:*
Fixes
[CVE-2025-58056](GHSA-fghv-69vj-qj49). See
upstream [PR](aws/aws-sdk-java-v2#6398).

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
majanjua-amzn pushed a commit to majanjua-amzn/aws-otel-java-instrumentation that referenced this pull request Sep 9, 2025
@ezhang6811 @majanjua-amzn
bump Netty to 4.1.126 (aws-observability#1173)
7426420 
*Issue #, if available:*

*Description of changes:*
Fixes
[CVE-2025-58056](GHSA-fghv-69vj-qj49). See
upstream [PR](aws/aws-sdk-java-v2#6398).

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zoewangg zoewangg zoewangg approved these changes

@alextwoods alextwoods alextwoods approved these changes

Assignees

No one assigned

Labels

no-api-surface-area-change Indicate there is no API surface area change and thus API surface area review is not required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mrdziuban @zoewangg @alextwoods