CVE-2022-41881
CVE-2022-41915
Netty versions prior to 4.1.86.Final are vulnerable to the above CVEs, and currently the highest spring-boot-dependencies version, 2.7.6, includes Netty 4.1.85.Final.
Could you please upgrade the netty version? Thanks.
Comment From: scottfrederick
Thanks for getting in touch. We have a semi-automated process for dependency upgrades that we will use to upgrade all relevant dependencies before the next releases.
In the meantime, you can use the appropriate build properties to override the managed version to the latest version as shown in the documentation.
Comment From: scottfrederick
See #33580
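The version override mentioned in the first reply, as an added example that is not part of the original thread or the project's own code: a constructed `pom.xml` that inherits from `spring-boot-starter-parent` 2.7.6 and sets the `netty.version` property so the managed Netty artifacts resolve to 4.1.86.Final. The project coordinates and the WebFlux starter are assumptions chosen for illustration.

```xml
<!-- Added example: constructed pom.xml; com.example:demo is a placeholder project -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- Property overrides only take effect when the build inherits from the
       starter parent. If spring-boot-dependencies is imported as a BOM in
       <dependencyManagement> instead, the property is ignored and the
       io.netty:netty-bom import must be declared before the Boot BOM. -->
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.7.6</version>
    <relativePath/>
  </parent>

  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>0.0.1-SNAPSHOT</version>

  <properties>
    <!-- Boot 2.7.6 manages Netty 4.1.85.Final; pin the release named in
         the issue as fixing CVE-2022-41881 and CVE-2022-41915. -->
    <netty.version>4.1.86.Final</netty.version>
  </properties>

  <dependencies>
    <!-- Assumed starter that pulls in Netty transitively; no version needed,
         it is resolved through the parent's dependency management. -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-webflux</artifactId>
    </dependency>
  </dependencies>
</project>
```

Running `mvn dependency:tree -Dincludes=io.netty` confirms which Netty version the build actually resolves. Remove the property once the project moves to a Spring Boot release that manages a fixed Netty version, so the override does not hold Netty back later.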