micronaut 4.9 OutOfMemoryError #12064
Description
Expected Behavior
Hi,
We use micronaut platform 4.9.1 (micronaut-core 4.9.7) in our microservice application. Recently, due to security vulnerabilities of GHSA-fghv-69vj-qj49 and GHSA-3p8m-j85q-pgmj
https://nvd.nist.gov/vuln/detail/CVE-2025-58056
https://nvd.nist.gov/vuln/detail/CVE-2025-58057
We had to override netty 4.2.2.Final that micronaut-core 4.9.7 uses with version 4.2.5.Final:
https://github.com/micronaut-projects/micronaut-core/blob/v4.9.7/gradle/libs.versions.toml#L83
Since then we found our application experience many OutOfMemoryError if the service is tested with medium load. Most stack traces point to netty.
We tested the following combinations but all failed with OutOfMemoryError:
micronaut platform 4.9.1 (micronaut-core 4.9.7) io.netty version 4.2.5.Final
micronaut platform 4.9.1 (micronaut-core 4.9.7) io.netty version 4.2.6.Final
micronaut platform 4.9.3 (micronaut-core 4.9.10) io.netty version 4.2.4.Final
micronaut platform 4.9.3 (micronaut-core 4.9.10) io.netty version 4.2.5.Final
micronaut platform 4.9.3 (micronaut-core 4.9.10) io.netty version 4.2.6.Final
Would you share some insights regarding this?
We noticed that micronaut-core 4.9.11 comes with io.netty version 4.2.5.Final, however there is no micronaut-platform release for this setting.
We also noticed that micronaut-core 4.10.x is using io.netty version 4.2.6.Final
What would be your next release? And timing expectations? Would the new release address the OutOfMemoryError?
Actual Behaviour
No response
Steps To Reproduce
No response
Environment Information
No response
Example Application
No response
Version
4.9.3