Skip to content

[GHSA-rwm7-x88c-3g2p] Netty epoll transport denial of service via RST on half-closed TCP connection#7623

Open
jneira-stratio wants to merge 1 commit intojneira-stratio/advisory-improvement-7623from
jneira-stratio-GHSA-rwm7-x88c-3g2p
Open

[GHSA-rwm7-x88c-3g2p] Netty epoll transport denial of service via RST on half-closed TCP connection#7623
jneira-stratio wants to merge 1 commit intojneira-stratio/advisory-improvement-7623from
jneira-stratio-GHSA-rwm7-x88c-3g2p

Conversation

@jneira-stratio
Copy link
Copy Markdown

@jneira-stratio jneira-stratio commented May 8, 2026

Updates

  • Affected products

Comments
The description says "All versions of 4.2.x netty-transport-native-epoll up to and including 4.2.12.Final" but version constraints are covering all versions lower than 4.2.13.Final

@github
Copy link
Copy Markdown
Collaborator

github commented May 8, 2026

Hi there @chrisvest! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

Copilot AI review requested due to automatic review settings May 8, 2026 13:10
@github-actions github-actions Bot changed the base branch from main to jneira-stratio/advisory-improvement-7623 May 8, 2026 13:11
@jneira-stratio
Copy link
Copy Markdown
Author

jneira-stratio commented May 8, 2026

Hi, i've proposed 4.2.10.Final because i dont see any other lower 4.2.x version released in maven central , maybe it should be the real first 4.2.x version

Copilot AI reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the affected version range for the Netty io.netty:netty-transport-native-epoll advisory (GHSA-rwm7-x88c-3g2p) to avoid incorrectly marking all versions as affected.

Changes:

  • Narrowed the affected range by changing the introduced event from 0 to 4.2.10.Final.
Comments suppressed due to low confidence (1)

advisories/github-reviewed/2026/05/GHSA-rwm7-x88c-3g2p/GHSA-rwm7-x88c-3g2p.json:32

  • The advisory details say "All versions of 4.2.x ... up to and including 4.2.12.Final", but the affected range now starts at 4.2.10.Final. This would mark 4.2.0–4.2.9 as unaffected, which contradicts the text. Either change the introduced version to the earliest affected 4.2.x release (e.g. 4.2.0.Final if applicable), or update the "Affected versions" section in details to match the narrowed range.
            {
              "introduced": "4.2.10.Final"
            },
            {
              "fixed": "4.2.13.Final"
            }

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jneira-stratio @github