From 6caa7ac6b34b4964141068ab5b954be1621c5238 Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Tue, 9 Jun 2026 12:04:16 +0300 Subject: [PATCH] CVE-2026-45536 CVE-2026-45416 CVE-2026-44249 Netty: Unix-socket fd receive leaks descriptors when peer sends two at once Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking --- pom.xml | 89 --------------------------------------------------------- 1 file changed, 89 deletions(-) diff --git a/pom.xml b/pom.xml index 7be9c91494..0c07a8f990 100644 --- a/pom.xml +++ b/pom.xml @@ -137,7 +137,6 @@ 1.0.0 false 1.3.15 - 4.2.13.Final 2.0.69.Final -Xdoclint:none @@ -1727,94 +1726,6 @@ jnr-posix 3.1.11 - - io.netty - netty-parent - ${netty.version} - pom - - - io.netty - netty-all - ${netty.version} - - - io.netty - netty-common - ${netty.version} - - - io.netty - netty-resolver - ${netty.version} - - - io.netty - netty-transport - ${netty.version} - - - io.netty - netty-handler - ${netty.version} - - - io.netty - netty-transport-native-epoll - ${netty.version} - - - io.netty - netty-transport-native-epoll - ${netty.version} - linux-x86_64 - - - io.netty - netty-transport-native-kqueue - ${netty.version} - - - io.netty - netty-transport-native-kqueue - ${netty.version} - osx-x86_64 - - - io.netty - netty-transport-native-unix-common - ${netty.version} - - - io.netty - netty-buffer - ${netty.version} - - - io.netty - netty-codec-http - ${netty.version} - - - io.netty - netty-codec-socks - ${netty.version} - - - io.netty - netty-handler-proxy - ${netty.version} - - - io.netty - netty-transport-classes-epoll - ${netty.version} - - - io.netty - netty-transport-classes-kqueue - ${netty.version} - io.netty netty-tcnative-boringssl-static