Can we get a patch release with dependency bumps? Re: CVE-2025-24970

[danerubado-wk]

First off thanks a lot for the package- it is immensely helpful! Sorry if this isn't the right place to ask but I am unaware of a better alternative.

The latest available version of this package on the maven repo (3.3.0) contains netty-handler v4.1.115.Final which is flagging us for https://nvd.nist.gov/vuln/detail/CVE-2025-24970. Rather than put a transitive override in we are hoping to get a new 3.3.1 patch release with dependency bumps that resolve this CVE.

Thanks in advance!

[Srilekha0502]

@danerubado-wk thanks for addressing this. We have encountered the same vulnerability in our environment as well. Just would like to know the approximate release date planned for the next version (3.3.1) that includes this fix. Thank you!