Skip to content

[FEATURE REQ] Upgrade Netty dependencies in Cosmos SDK #47109

New issue
New issue
Open
Open
[FEATURE REQ] Upgrade Netty dependencies in Cosmos SDK#47109
Assignees
FabianMeiswinkel
Labels
ClientThis issue points to a problem in the data-plane of the library.CosmosService AttentionWorkflow: This issue is responsible by Azure service team.customer-reportedIssues that are reported by GitHub users external to the Azure organization.feature-requestThis issue requires a new behavior in the product in order be resolved.needs-team-attentionWorkflow: This issue needs attention from Azure service team or SDK team
@marcellustavares

Description

@marcellustavares
marcellustavares
opened on Oct 28, 2025

Is your feature request related to a problem? Please describe.

In direct mode, the current Netty version adopted by Cosmos SDK uses an Netty version does not verify endpoint. Not doing hostname verification is obsolete and insecure practice.

Current Cosmos SDK API version does not offer ways to configure/validate the endpoint.

Describe the solution you'd like

I would vote that Cosmos SDK adopts a more recent and less vulnerable Netty version. Ideally the latest 4.2.x

Describe alternatives you've considered

I considered upgrading the Netty dependencies myself but current Cosmos SDK code will not work without a patch.

Thanks!

Metadata

Metadata

Assignees

Labels

ClientThis issue points to a problem in the data-plane of the library.CosmosService AttentionWorkflow: This issue is responsible by Azure service team.customer-reportedIssues that are reported by GitHub users external to the Azure organization.feature-requestThis issue requires a new behavior in the product in order be resolved.needs-team-attentionWorkflow: This issue needs attention from Azure service team or SDK team

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions