Resolve Netty CVEs for Java Lambda Layer

### Description
A customer has reported several vulnerabilities via an AWS inspector security scan:
- [CVE-2026-44249](https://nvd.nist.gov/vuln/detail/CVE-2026-44249)
- [CVE-2026-50010](https://nvd.nist.gov/vuln/detail/CVE-2026-50010)
- [CVE-2026-45416](https://nvd.nist.gov/vuln/detail/CVE-2026-45416)
- [CVE-2026-48043](https://nvd.nist.gov/vuln/detail/CVE-2026-48043)
- [CVE-2026-50560](https://nvd.nist.gov/vuln/detail/CVE-2026-50560)
- [CVE-2026-50020](https://nvd.nist.gov/vuln/detail/CVE-2026-50020)
- [CVE-2026-47244](https://nvd.nist.gov/vuln/detail/CVE-2026-47244)

These vulnerabilities can be resolved by bumping Netty to 4.1.135.Final which was done initially in AWS with version [2.46.5](https://repo1.maven.org/maven2/software/amazon/awssdk/aws-sdk-java-pom/2.46.5/aws-sdk-java-pom-2.46.5.pom). We will want to bump the `amazon.awssdk` dependency to use the aforementioned version (or more current) in our Java AWS Lambda repo, followed by bumping Java AWS Lambda dependency version in the New Relic Lambda Layer.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Resolve Netty CVEs for Java Lambda Layer #2948

Description

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Uh oh!

Resolve Netty CVEs for Java Lambda Layer #2948

Description

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions