Thanks for the heads up David.
I agree with you, we should include this fix in 1.28.1
I will cancel RC2 and create RC3 soon
Regards
Ferenc
On Thu, Nov 14, 2024 at 5:56 PM David Handermann
wrote:
>
> -1 (binding)
>
> Thanks for preparing the RC2 build, Ferenc.
>
> The Netty project published CV
-1 (binding)
Thanks for preparing the RC2 build, Ferenc.
The Netty project published CVE-2024-47535 [1] on 2024-11-12 impacting
versions 4.1.114 and earlier. This issue was resolved in version
4.1.115. Although the attack vector is narrow, as this release is
likely to be the last of the version 1
