Please upgrade dependencies because of io.netty:netty-codec-http vulnerability #1525

@viktoridzojtic-dynatrace

Description

Describe the bug

The versions of the dependencies rds and sts that are currently included depend on io.netty:[email protected], which has a vulnerability (see https://nvd.nist.gov/vuln/detail/CVE-2025-58056). The latest versions of those packages depend on the fixed version of netty.

Expected Behavior

Upgrade io.netty:netty-codec-http to 4.1.125.Final or 4.2.5.Final.

What plugins are used? What other connection properties were set?

rds, sts

Current Behavior

The current version 2.6.3 includes io.netty:[email protected], which has a vulnerability.

Reproduction Steps

Include dependency on aws-advanced-jdbc-wrapper 2.6.3 in project.

Possible Solution

Upgrade the versions of the dependencies.

Additional Information/Context

No response

The AWS Advanced JDBC Driver version used

2.6.3

JDK version used

openjdk 21.0.7 2025-04-15 LTS
OpenJDK Runtime Environment Temurin-21.0.7+6 (build 21.0.7+6-LTS)
OpenJDK 64-Bit Server VM Temurin-21.0.7+6 (build 21.0.7+6-LTS, mixed mode, sharing)

Operating System and version

macOS Version 15.6
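
A check for the condition this issue describes, added here as an example and not part of the issue or of the project's code: it scans `mvn dependency:tree` output for `io.netty:netty-codec-http` and flags versions older than the fixed releases named above (4.1.125.Final, 4.2.5.Final). The sample tree, its `4.1.100.Final` version and the `0.0.0-PLACEHOLDER` SDK versions are constructed; the handling of release branches other than 4.1 and 4.2 is an assumption.

```python
import re

# Fixed versions named in the issue, keyed by release branch (major, minor).
FIXED = {(4, 1): (4, 1, 125), (4, 2): (4, 2, 5)}

# netty-codec-http coordinate as printed by `mvn dependency:tree`:
# groupId:artifactId:type:version[:scope]. The qualifier (e.g. "Final")
# is matched but ignored when comparing versions.
COORD = re.compile(r"io\.netty:netty-codec-http:jar:(\d+)\.(\d+)\.(\d+)\.\w+")

# Constructed sample input, not taken from a real build.
SAMPLE_TREE = "\n".join([
    "[INFO] com.example:app:jar:1.0.0",
    "[INFO] +- software.amazon.jdbc:aws-advanced-jdbc-wrapper:jar:2.6.3:compile",
    "[INFO] +- software.amazon.awssdk:rds:jar:0.0.0-PLACEHOLDER:compile",
    "[INFO] |  +- io.netty:netty-codec-http:jar:4.1.100.Final:runtime",
    "[INFO] +- software.amazon.awssdk:sts:jar:0.0.0-PLACEHOLDER:compile",
    "[INFO] |  +- io.netty:netty-codec-http:jar:4.2.5.Final:runtime",
])


def needs_upgrade(version):
    """Return True if (major, minor, patch) is older than the fix on its branch."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Assumption: a branch the issue does not mention is compared
        # against the lowest fixed release.
        return version < min(FIXED.values())
    return version < fixed


def scan_tree(text):
    """Return (line number, version) for every netty-codec-http entry needing an upgrade."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = COORD.search(line)
        if not match:
            continue
        version = tuple(int(part) for part in match.groups())
        if needs_upgrade(version):
            findings.append((lineno, ".".join(map(str, version)) + ".Final"))
    return findings


if __name__ == "__main__":
    for lineno, version in scan_tree(SAMPLE_TREE):
        print(f"line {lineno}: netty-codec-http {version} is older than the fixed release")
```
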

Labels

dependencies: Pull requests that update a dependency file
pending release: Resolution implemented, pending official release