lhotari opened a new pull request, #24717: URL: https://github.com/apache/pulsar/pull/24717
### Motivation Addresses CVE-2025-58057 and CVE-2025-58056 in Netty. Pulsar users aren't impacted, but we need to use dependencies that don't contain known CVEs. Release notes * https://netty.io/news/2025/09/03/4-1-126-Final.html * https://netty.io/news/2025/09/08/4-1-127-Final.html Netty tcnative was upgraded to 2.0.73.Final as a transitive dependency. - [changes in netty-tcnative 2.0.73.Final](https://github.com/netty/netty-tcnative/compare/netty-tcnative-parent-2.0.72.Final...netty-tcnative-parent-2.0.73.Final) ### Modifications - upgrade to Netty 4.1.127.Final ### Documentation <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. --> - [ ] `doc` <!-- Your PR contains doc changes. --> - [ ] `doc-required` <!-- Your PR changes impact docs and you will update later --> - [x] `doc-not-needed` <!-- Your PR changes do not impact docs --> - [ ] `doc-complete` <!-- Docs have been already added --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
