Security Vulnerabilities: Netty CVEs in appsmith-ce:v2.1

Hi Appsmith team,

We have identified some Netty vulnerabilities in the official `appsmith/appsmith-ce:v2.1` image using Trivy.

Here is the relevant output for the affected Netty components:

```text
│ io.netty:netty-codec-dns (mysqlPlugin-v2.1.jar)              │ CVE-2026-42579      │          │          │                   │ 4.2.13.Final, 4.1.133.Final                             │ netty: Netty: High integrity impact due to improper DNS      │
│ io.netty:netty-codec-http (awsLambdaPlugin-v2.1.jar)         │ CVE-2026-42584      │          │          │                   │ 4.2.13.Final, 4.1.133.Final                             │ netty: io.netty/netty-codec-http: Netty: Incorrect HTTP      │
│ io.netty:netty-codec-http (awsLambdaPlugin-v2.1.jar)         │ CVE-2026-42581      │          │          │                   │                                                         │ netty: io.netty/netty-codec-http: Netty: HTTP Request        │
```

Could you please update the Netty dependencies to address these CVEs?

Thanks!


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Vulnerabilities: Netty CVEs in appsmith-ce:v2.1 #41901

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Security Vulnerabilities: Netty CVEs in appsmith-ce:v2.1 #41901

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions