Skip to content

[3.15] Bump to Netty 4.1.118.Final #46199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 13, 2025
Merged

[3.15] Bump to Netty 4.1.118.Final #46199

merged 2 commits into from
Feb 13, 2025

Conversation

@jponge
Copy link
Member

@jponge jponge commented Feb 11, 2025

Fixes the following CVEs:

There is no need to bump Vert.x + Mutiny bindings, the CVEs are fixed at the Netty level.

I also added a separate commit to fix compilation issues for integration-tests/rest-client-reactive-stork

@jponge
Bump to Netty 4.1.118.Final
207320a 
Fixes the following CVEs:
- CVE-2025-24970
- CVE-2025-25193

There is no need to bump Vert.x + Mutiny bindings, the CVEs are fixed at the Netty level.
@jponge
Fix the integration-tests/rest-client-reactive-stork POM to compile
4b1818a
@quarkus-bot
Copy link

quarkus-bot bot commented Feb 11, 2025

/cc @aloubyansky (3.15), @gastaldi (3.15), @gsmet (3.15), @jmartisk (3.15), @rsvoboda (3.15)

@quarkus-bot quarkus-bot bot changed the title Bump to Netty 4.1.118.Final [3.15] Bump to Netty 4.1.118.Final Feb 11, 2025
@quarkus-bot quarkus-bot bot added area/dependencies Pull requests that update a dependency file area/netty labels Feb 11, 2025
This was referenced Feb 11, 2025
Closed
Merged
@quarkus-bot
Copy link

quarkus-bot bot commented Feb 11, 2025
edited by github-actions bot
Loading

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 4b1818a.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

@geoand geoand merged commit bdcfe4c into quarkusio:3.15 Feb 13, 2025
52 checks passed
@mabartos
Copy link
Contributor

@geoand @aloubyansky Will this be part of the Quarkus 3.15.4 payload? And when can we expect it? Thanks!

@jmartisk jmartisk added this to the 3.15.3.1 milestone Feb 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gastaldi gastaldi gastaldi approved these changes

@aloubyansky aloubyansky aloubyansky approved these changes

Assignees

No one assigned

Labels

area/dependencies Pull requests that update a dependency file area/netty

Projects

None yet

Milestone

3.15.3.1

Development

Successfully merging this pull request may close these issues.

6 participants

@jponge @mabartos @gastaldi @aloubyansky @jmartisk @geoand