MLE-24529 - Force newer jetty and netty libraries to avoid CVEs

org.eclipse.jetty:jetty-http:12.1.1
io.netty:netty-all:4.2.6.Final

Author: BillFarber

build.gradle

@@ -54,6 +54,16 @@ configurations {
       // Force v3.19 of commons-lang3 to avoid CVE-2025-48924 (https://www.cve.org/CVERecord?id=CVE-2025-48924), which
       // is caused by the use of avro-compiler v1.12.0 with older dependencies including commons-lang3 v3.12.0.
       force 'org.apache.commons:commons-lang3:3.19.0'
+
+      // Force v12.1.1 of jetty-http to avoid CVE-2025-5115
+      // (https://nvd.nist.gov/vuln/detail/CVE-2025-5115), which is a transitive
+      // dependency of Kafka connect-runtime:4.1.0
+      force "org.eclipse.jetty:jetty-http:12.1.1"
+
+      // Force v4.2.6.Final of netty-all to avoid CVE-2025-58057
+      // (https://www.cve.org/CVERecord?id=CVE-2025-58057), which is a transitive
+      // dependency of marklogic-data-hub:6.2.1      
+      force "io.netty:netty-all:4.2.6.Final"
     }
   }
 }