micrometer-metrics / micrometer

An application observability facade for the most popular observability tools. Think SLF4J, but for observability.
https://micrometer.io
Apache License 2.0

Update shaded Netty to 4.1.115 - CVE-2024-47535 #5664

Closed philBrown closed 3 hours ago

philBrown commented 3 hours ago

Please describe the feature request.

Please update the shaded Netty version to 4.1.115.Final in gradle/libs.versions.toml

Rationale

The current version of the shaded Netty library

netty = "4.1.114.Final"

contains vulnerability CVE-2024-47535.

This is fixed in 4.1.115.Final.

Additional context

See https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

jonatan-ivanov commented 3 hours ago

Duplicate of https://github.com/micrometer-metrics/micrometer/pull/5660

philBrown commented 3 hours ago

Uh, so sorry. I searched but didn't see that one.