Vulnerable Dependency Entrenchment

A known vulnerable library version persists in production (e.g., netty-all), leading to high scanner/security findings while an upgrade is merely underway or suppressed, creating a recurring mismatch between risk visibility and actual remediation.