Skip to content

Upgrade Netty library to address CVE-2026-42582 #7113

Description

@anabright

Describe the bug

awssdk v2.47.0 has a dependency on Netty [4.1.135.Final]

NVD says CVE-2026-42582 affects Netty libraries up to (excluding) version 4.2.13.Final.

Can these dependencies be upgraded, please?

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

Dependency scan doesn't detect any vulnerabilities.

Current Behavior

Dependency scan currently detects vulnerability CVE-2026-42582 in Netty libraries.

Reproduction Steps

Run a vulnerability scan.

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

2.47.0

JDK version used

21

Operating System and version

Any

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugThis issue is a bug.needs-triageThis issue or PR still needs to be triaged.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions