Replies: 1 comment 2 replies
-
|
you will need to file an issue for a reproducer |
Beta Was this translation helpful? Give feedback.
-
|
regarding Netty upgrades you can upgrade yourself manually and see if it helps the error, but I find it unlikely. We will do a new 4.9.x release soon with the Netty upgrade. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for quick reply. I can file an issue. However it's hard to make a reproducer. We found this OOM in several of our microservice when they upgrade to micronaut platform 4.9.1 with netty 4.2.5.Final (version override in dependencyManagement). |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
We use micronaut platform 4.9.1 (micronaut-core 4.9.7) in our microservice application. Recently, due to security vulnerabilities of CVE-2025-58056 and CVE-2025-58057
https://nvd.nist.gov/vuln/detail/CVE-2025-58056
https://nvd.nist.gov/vuln/detail/CVE-2025-58057
We had to override netty 4.2.2.Final that micronaut-core 4.9.7 uses with version 4.2.5.Final:
https://github.com/micronaut-projects/micronaut-core/blob/v4.9.7/gradle/libs.versions.toml#L83
Since then we found our application experience many OutOfMemoryError if the service is tested with medium load. Most stack traces point to netty.
We tested the following combinations but all failed with OutOfMemoryError:
micronaut platform 4.9.1 (micronaut-core 4.9.7) io.netty version 4.2.5.Final
micronaut platform 4.9.1 (micronaut-core 4.9.7) io.netty version 4.2.6.Final
micronaut platform 4.9.3 (micronaut-core 4.9.10) io.netty version 4.2.4.Final
micronaut platform 4.9.3 (micronaut-core 4.9.10) io.netty version 4.2.5.Final
micronaut platform 4.9.3 (micronaut-core 4.9.10) io.netty version 4.2.6.Final
Would you share some insights regarding this?
We noticed that micronaut-core 4.9.11 comes with io.netty version 4.2.5.Final, however there is no micronaut-platform release for this setting.
We also noticed that micronaut-core 4.10.x is using io.netty version 4.2.6.Final
What would be your next release? And timing expectations? Would the new release address the OutOfMemoryError?
Beta Was this translation helpful? Give feedback.
All reactions