Netty security issues (CVE-2022-41915 and CVE-2021-43797)

[mauricio-sky]

There are two issues with netty-codec-http-4.1.60 comming with the latest AHC 2.12.3 that will be fixed on the AHC 3.x (as I checked the code it is using 4.1.100.Final of netty for AHC 3.x), I'd like to check if there is an expectation for a 3.x release or it those could be fixed on 2.12.x.

• CVE-2022-41915 (this one seems a veracode false warning as the description says it would happen from 4.1.83.Final to < 4.1.86.Final)
• CVE-2021-43797

Thanks.

[mauricio-sky]

Also I tried to create a branch to submit a fix and I had not permission :(
How could I contribute?