Dear Olingo Community,
odata-server-api and odata-server-core 4.7.1 have a direct dependency on
io.netty netty-codec-http 4.1.43.Final
This version has known security vulnerabilities ranked with medium and high CVSS score.
https://snyk.io/vuln/SNYK-JAVA-IONETTY-1020439 -> fixed in 4.1.53Final or higher
https://snyk.io/vuln/SNYK-JAVA-IONETTY-543669 -> fixed in 4.1.44.Final or higher
https://snyk.io/vuln/SNYK-JAVA-IONETTY-543490 -> fixed in 4.1.44.Final or higher
Upgrading the dependency to 4.1.53Final would fix the issue.
P.S. com.fasterxml.jackson.core » jackson-core 2.10.0 is outdated, too and could be upgraded to 2.11.3