Ktor BOM dependency includes a vulnerable transiti...
# ktorr
Renan Kummer
11/29/2024, 11:19 PMKtor BOM dependency includes a vulnerable transitive dependency based on IntelliJ's report:
• Dependency mavenio.nettynetty-common:4.1.114.Final is vulnerable
It's not possible to force an upgrade to the recommended version without breaking internal Ktor code. Is this already tracked?
a
Aleksei Tirman [JB]
12/02/2024, 7:31 AMNetty is already updated to 4.1.115.Final (see https://github.com/ktorio/ktor/pull/4473).
❤️ 1