Skip to content

[deps] Upgrade netty and Exclude plexus-utils#41

Merged
Brindrajsinh-Chauhan merged 1 commit intokaleido-besu-release-25.8.0from
netty-plexus-cve-fix
Apr 2, 2026
Merged

[deps] Upgrade netty and Exclude plexus-utils#41
Brindrajsinh-Chauhan merged 1 commit intokaleido-besu-release-25.8.0from
netty-plexus-cve-fix

Conversation

@onelapahead
Copy link
Copy Markdown

@onelapahead onelapahead commented Apr 2, 2026

Fixes:

| kaleido-node-besu:26.3.0-r1241                   | CVE-2026-33870      | HIGH     | 7.5   | NVD        | io.netty:netty-codec-http        | 4.1.132.Final, 4.2.10.Final | io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of ... | NO     | Java, besu-source/accepta... |
| kaleido-node-besu:26.3.0-r1241                   | CVE-2026-33871      | HIGH     | 7.5   | NVD        | io.netty:netty-codec-http2       | 4.1.132.Final, 4.2.11.Final | netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood              | NO     | Java, besu-source/accepta... |
| kaleido-node-besu:26.3.0-r1241                   | CVE-2025-67030      | HIGH     | 8.8   | NVD        | org.codehaus.plexus:plexus-utils | 4.0.3                       | org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extrac... | NO     | Java, besu-source/accepta... |

@onelapahead
[deps] Upgrade netty and Exclude plexus-utils
0410bd0 
Signed-off-by: hfuss <hayden.fuss@kaleido.io>
@Brindrajsinh-Chauhan Brindrajsinh-Chauhan merged commit dc2c81d into kaleido-besu-release-25.8.0 Apr 2, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Brindrajsinh-Chauhan Brindrajsinh-Chauhan Brindrajsinh-Chauhan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@onelapahead @Brindrajsinh-Chauhan