Invalid CVE-2022-41881 in inappropriate io.netty:* packages
The vulnerability is in io.netty.codec:codec-haproxy, not these packages:
- io.netty:netty-codec-http
- io.netty:netty-codec-http2
- io.netty:netty-codec
- io.netty:netty-handler
- io.netty:netty
Note that this MR does not invalidate this CVE in the following packages:
- io.netty:netty-all (because it bundles io.netty.codec:codec-haproxy)
- io.netty:netty-codec-haproxy (because this package is the source of the vulnerability)
See: https://github.com/micrometer-metrics/micrometer/issues/3571#issuecomment-1360951723