Netty Vulnerability in Neo4j Java Driver


there is an open Vulnerability in the Netty dependency of the current Neo4j Java Driver which is already fixed in newer Netty versions.

An issue in the GitHub project has already been opened by someone:

Other Netty dependencies like netty-transport, netty-buffer and so on are affected too.

We are also waiting for this vulnerability to be closed, is there a timeline when this dependency will be updated?


1 Like


I'm also waiting for this. I would be nice to have a timeline information.


Hi. We will aim to get a new version released by the end of the week.

1 Like

New version: