Security Upgrade Request – Netty Version (4.4 & 5.x Branches)

Hi Maintainers,

We need help upgrading the current Netty version in both the **4.4** and **5.x** branches due to a known vulnerability.

---

## 🔐 Vulnerability Details

| Vulnerability   | Severity | CVSS3    | Package                   | Current Version | Fixed in Version            |
|----------------|----------|----------|---------------------------|----------------|-----------------------------|
| CVE-2025-67735 | Medium   | NVD: 6.5 | io.netty:netty-codec-http | 4.1.127.Final  | 4.1.129.Final, 4.2.8.Final  |
| CVE-2025-67735 | Medium   | NVD: 6.5 | io.netty:netty-codec-http | 4.2.7.Final    | 4.1.129.Final, 4.2.8.Final  |

---

## 📦 Current Netty Versions in Repository

### 4.4 Branch
```xml
<netty-bom.version>4.1.127.Final</netty-bom.version>
```

### 5.x Branch
```xml
<netty-bom.version>4.2.6.Final</netty-bom.version>
```

Thanks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Upgrade Request – Netty Version (4.4 & 5.x Branches) #1729

🔐 Vulnerability Details

📦 Current Netty Versions in Repository

4.4 Branch

5.x Branch

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability	Severity	CVSS3	Package	Current Version	Fixed in Version
CVE-2025-67735	Medium	NVD: 6.5	io.netty:netty-codec-http	4.1.127.Final	4.1.129.Final, 4.2.8.Final
CVE-2025-67735	Medium	NVD: 6.5	io.netty:netty-codec-http	4.2.7.Final	4.1.129.Final, 4.2.8.Final

Security Upgrade Request – Netty Version (4.4 & 5.x Branches) #1729

Description

🔐 Vulnerability Details

📦 Current Netty Versions in Repository

4.4 Branch

5.x Branch

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions