gergelyfabian opened a new issue, #23745: URL: https://github.com/apache/pulsar/issues/23745
### Search before asking - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Read release policy - [X] I understand that unsupported versions don't get bug fixes. I will attempt to reproduce the issue on a supported version of Pulsar client and Pulsar broker. ### Version pulsar-client:3.3.2 ### Minimal reproduce step pulsar-client has a dependence on async-http-client in a version (2.12.1) that has a critical CVE: https://github.com/advisories/GHSA-mfj5-cf8g-g2fv ### What did you expect to see? I'd like to be able to use pulsar-client without any critical/high CVEs included. ### What did you see instead? A critical CVE is detected when I use pulsar-client. ### Anything else? _No response_ ### Are you willing to submit a PR? - [X] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org