alextitov1 opened a new issue, #6714:
URL: https://github.com/apache/jmeter/issues/6714

   Hi team,
   
   In addition to the open [PR](https://github.com/apache/jmeter/pull/6701), 
our vulnerability reports the following CVEs in the dependency tree
   
   | CVE | Package | Component Type | Severity | Version | 
   |---|---|---|---|---|
   | CVE-2025-24970 | io.netty:netty-handler | Java Code Library | High | 
4.1.118.Final |
   | CVE-2026-44249 | io.netty:netty-handler | Java Code Library | High | 
4.1.135.Final |
   | CVE-2026-45416 | io.netty:netty-handler | Java Code Library | High | 
4.1.135.Final |
   | CVE-2026-50010 | io.netty:netty-handler | Java Code Library | High | 
4.1.135.Final |
   | CVE-2026-42583 | io.netty:netty-codec | Java Code Library | High | 
4.1.133.Final |
   
   Could we look into updating these to the patched versions?
   
   @vlsi please consider updating these dependencies in your open PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to