[Backport 2.13] Netty 4.1.131 #6521

Merged
dlvenable merged 1 commit into 2.13 from backport/backport-6518-to-2.13
Feb 16, 2026
Update Netty to 4.1.131. Resolves CVE-2025-67735, CVE-2025-59419. (#6…

5671dc5
Mend for GitHub.com / Mend Security Check failed Feb 16, 2026 in 5m 39s

Security Report

6 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

| Vulnerability | Severity | CVSS Score | | Vulnerable Library | Direct Library | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-21441 | High | 8.6 | Direct | urllib3-2.5.0-py3-none-any.whl | urllib3-2.5.0-py3-none-any.whl | 2.6.3 | #6344 |
| CVE-2026-0994 | High | 8.6 | Direct | protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl | protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl | protobuf - 6.33.5,https://github.com/protocolbuffers/protobuf.git - v33.5,https://github.com/protocolbuffers/protobuf.git - v5.29.6 | #6441 |
| CVE-2025-66471 | High | 8.6 | Direct | urllib3-2.5.0-py3-none-any.whl | urllib3-2.5.0-py3-none-any.whl | urllib3 - 2.6.0,https://github.com/urllib3/urllib3.git - 2.6.0 | #6344 |
| CVE-2025-66418 | High | 8.6 | Direct | urllib3-2.5.0-py3-none-any.whl | urllib3-2.5.0-py3-none-any.whl | https://github.com/urllib3/urllib3.git - 2.6.0,urllib3 - 2.6.0 | #6344 |
| CVE-2026-21860 | Medium | 5.3 | Direct | werkzeug-3.0.6-py3-none-any.whl | werkzeug-3.0.6-py3-none-any.whl | 3.1.5 | #6326 |
| CVE-2025-66221 | Medium | 5.3 | Direct | werkzeug-3.0.6-py3-none-any.whl | werkzeug-3.0.6-py3-none-any.whl | 3.1.4 | #6326 |

CVE-2026-21441

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185054_VZRRRT/python_MMBLLG/202602161850541/env/lib/python3.9/site-packages/urllib3-2.5.0.dist-info

Dependency Hierarchy:

-> ❌ urllib3-2.5.0-py3-none-any.whl (Vulnerable Library)

CVE-2026-0994

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185054_VZRRRT/python_MMBLLG/202602161850541/env/lib/python3.9/site-packages/protobuf-4.25.8.dist-info

Dependency Hierarchy:

-> ❌ protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl (Vulnerable Library)

CVE-2025-66471

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185054_VZRRRT/python_MMBLLG/202602161850541/env/lib/python3.9/site-packages/urllib3-2.5.0.dist-info

Dependency Hierarchy:

-> ❌ urllib3-2.5.0-py3-none-any.whl (Vulnerable Library)

CVE-2025-66418

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185054_VZRRRT/python_MMBLLG/202602161850541/env/lib/python3.9/site-packages/urllib3-2.5.0.dist-info

Dependency Hierarchy:

-> ❌ urllib3-2.5.0-py3-none-any.whl (Vulnerable Library)

CVE-2026-21860

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185054_VZRRRT/python_MMBLLG/202602161850541/env/lib/python3.9/site-packages/werkzeug-3.0.6.dist-info

Dependency Hierarchy:

-> ❌ werkzeug-3.0.6-py3-none-any.whl (Vulnerable Library)

CVE-2025-66221

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185054_VZRRRT/python_MMBLLG/202602161850541/env/lib/python3.9/site-packages/werkzeug-3.0.6.dist-info

Dependency Hierarchy:

-> ❌ werkzeug-3.0.6-py3-none-any.whl (Vulnerable Library)

Base branch total remaining vulnerabilities: 2
Base branch commit: 77449a93c58fa6ae31dc7aa50659b99e2077cdc1


Total libraries scanned: 102

Scan token: 590bb9ce67a040c2b1c842678d5798b6