Skip to content

Comments

Update netty-codec-http, log4j-core, and rhino to fix security vulnerabilities#164

Open
cx-amol-mane wants to merge 1 commit intomasterfrom
security/fix-vulnerabilities-51b52545
Open

Update netty-codec-http, log4j-core, and rhino to fix security vulnerabilities#164
cx-amol-mane wants to merge 1 commit intomasterfrom
security/fix-vulnerabilities-51b52545

Conversation

@cx-amol-mane
Copy link
Contributor

@cx-amol-mane cx-amol-mane commented Dec 31, 2025

This PR updates the following dependencies to address critical security vulnerabilities:

Package Name Current Version Target Version
netty-codec-http 4.2.5.Final 4.2.8.Final
log4j-core 2.17.1 2.25.3
rhino 1.7.15 1.7.15.1

CVEs Fixed:

These updates resolve low and medium severity vulnerabilities, enhancing the security of our application.


---
*This PR was automatically generated by Grype SCA Agent.*

@cx-amol-mane
fix: update 3 packages to address 3 vulnerabilities
772080a 
Security updates to remediate identified vulnerabilities:

- netty-codec-http: 4.2.5.Final → 4.2.8.Final (fixes: GHSA-84h7-rjj3-6jx4)
- log4j-core: 2.17.1 → 2.25.3 (fixes: GHSA-vc5p-v9hr-52mj)
- rhino: 1.7.15 → 1.7.15.1 (fixes: GHSA-3w8q-xq97-5j7x)

Scanned by Grype SCA Agent
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cx-amol-mane