SpringBoot CVE-2024-47535 for springdoc-openapi-webflux-core

Summary

while building my code, i'm using the following dependency , when i ran dependency:tree command from maven , i found it's using netty-XXX.4.1.112.Final version

        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-webflux-core</artifactId>
            <version>1.8.0</version>
            <scope>runtime</scope>
        </dependency>

according to this article CVE , this is a bug. what's the fix for this? and should i be worried?

Comment From: bclozel

I don't know. We are not maintaining this project. Please raise this with the project maintainers.