Skip to content

Upgrade netty-version to 4.1.124.Final #762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 20, 2025
Merged

Upgrade netty-version to 4.1.124.Final #762

merged 1 commit into from
Aug 20, 2025

Conversation

ivo-vachkov
Copy link

@ivo-vachkov ivo-vachkov commented Aug 20, 2025
edited
Loading

... to address CVE-2025-55163

Date: August 13, 2025

Netty is an asynchronous, event-driven network application framework.  
Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS.  
This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control  
frames in order to break the max concurrent streams limit - which results in resource  
exhaustion and distributed denial of service.  

This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.

@DerGuteMoritz
Copy link
Collaborator

Thanks a lot! I'll tag a new release by tomorrow!

@DerGuteMoritz DerGuteMoritz merged commit 56e3075 into clj-commons:master Aug 20, 2025
1 check passed
@DerGuteMoritz DerGuteMoritz mentioned this pull request Aug 20, 2025
Closed
@ivo-vachkov
Copy link
Author

tomorrow

Thank you!
It's the least I can do!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arnaudgeiser arnaudgeiser Awaiting requested review from arnaudgeiser arnaudgeiser is a code owner

@DerGuteMoritz DerGuteMoritz Awaiting requested review from DerGuteMoritz DerGuteMoritz is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ivo-vachkov @DerGuteMoritz