CVE-2025-24970 Apache Netty < 4.1.118.Final

NeilBillett · February 28, 2025, 11:30am

…and can subsequently confirm that 2.19.1 is out and does does the trick:

[root@test tmp]# wget https://artifacts.opensearch.org/releases/bundle/opensearch/2.19.1/opensearch-2.19.1-linux-x64.tar.gz
…blah…
[root@test tmp]# tar -xvzf opensearch-2.19.1-linux-x64.tar.gz
…blah…
[root@test tmp]# cd opensearch-2.19.1
[root@test opensearch-2.19.1]# find . -name netty-handler*
./modules/transport-netty4/netty-handler-4.1.118.Final.jar
./performance-analyzer-rca/lib/netty-handler-4.1.118.Final.jar
./performance-analyzer-rca/lib/netty-handler-proxy-4.1.118.Final.jar
./plugins/opensearch-ml/netty-handler-4.1.118.Final.jar
./plugins/opensearch-performance-analyzer/netty-handler-4.1.118.Final.jar
./plugins/opensearch-performance-analyzer/netty-handler-proxy-4.1.118.Final.jar
./plugins/opensearch-security/netty-handler-4.1.118.Final.jar

Thanks for the very quick turnaround!

Topic		Replies	Views
Opensearch v2.2.1 with vulns CVE-2022-24823 CVE-2022-36033 after a Trivy Scan Security cve , security-issue	2	548	September 21, 2022
CVE-2022-42889 by opensearch OpenSearch cve , security-issue	5	1027	October 27, 2022
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1674	December 20, 2021
Log4j Patch for CVE-2021-44228 Announcements cve	6	13430	February 15, 2023
CVE-2024-28752 vulnerability in opensearch Security cve , security-issue	2	426	September 19, 2024

CVE-2025-24970 Apache Netty < 4.1.118.Final

Related topics