[CHK-12508] dependabot alert: Update netty codec version (#259)

pboos · web-flow · commit 38b9c168cab3 · 2025-09-09T13:26:50.000+02:00
diff --git a/build.gradle b/build.gradle
@@ -5,6 +5,7 @@ plugins {
 
 ext['spring-framework.version'] = '6.2.10'
 ext['tomcat.version'] = '11.0.10'
+ext['netty.version'] = '4.2.6.Final' // Due to security vulnerabilities in 4.125.Final and older
 
 apply from: "${rootDir}/gradle/publish-root.gradle"
 
@@ -87,7 +88,7 @@ subprojects {
             implementation("io.netty:netty-codec-http2:4.2.6.Final") {
                 because("versions below 4.1.124.Final have security vulnerabilities including CVE-2025-55163 - see dependabot #17")
             }
-            implementation("io.netty:netty-codec:4.1.125.Final") {
+            implementation("io.netty:netty-codec:4.2.6.Final") {
                 because("versions below 4.1.125.Final have security vulnerabilities including CVE-2025-58057 - see dependabot #21")
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ plugins {`
`5`	`5`
`6`	`6`	`ext['spring-framework.version'] = '6.2.10'`
`7`	`7`	`ext['tomcat.version'] = '11.0.10'`
	`8`	`+ext['netty.version'] = '4.2.6.Final' // Due to security vulnerabilities in 4.125.Final and older`
`8`	`9`
`9`	`10`	`apply from: "${rootDir}/gradle/publish-root.gradle"`
`10`	`11`
`@@ -87,7 +88,7 @@ subprojects {`
`87`	`88`	`implementation("io.netty:netty-codec-http2:4.2.6.Final") {`
`88`	`89`	`because("versions below 4.1.124.Final have security vulnerabilities including CVE-2025-55163 - see dependabot #17")`
`89`	`90`	`}`
`90`		`- implementation("io.netty:netty-codec:4.1.125.Final") {`
	`91`	`+ implementation("io.netty:netty-codec:4.2.6.Final") {`
`91`	`92`	`because("versions below 4.1.125.Final have security vulnerabilities including CVE-2025-58057 - see dependabot #21")`
`92`	`93`	`}`
`93`	`94`	`}`