Bug 36446805 - [36446745->24.09] Update Netty to version 4.1.108.Final (main -> ce/main @ 107903)

dhirupandey · dhirupandey · commit 45483703bf92 · 2024-03-26T19:13:52.000-05:00
Job: job.9.20240326221822.23335

[git-p4: depot-paths = "//dev/coherence-ce/main/": change = 107915]
diff --git a/prj/coherence-dependencies/pom.xml b/prj/coherence-dependencies/pom.xml
@@ -224,7 +224,7 @@
     <micrometer.version>1.11.3</micrometer.version>
     <!-- NOTE: this version should ideally be in sync' with that used by Helidon
          This is not always possible if we need to bump versions for CVE's -->
-    <netty.version>4.1.100.Final</netty.version>
+    <netty.version>4.1.108.Final</netty.version>
     <opentelemetry.version>1.29.0</opentelemetry.version>
     <opentelemetry.proto.version>1.0.0-alpha</opentelemetry.proto.version>
     <opentracing.grpc.version>0.2.3</opentracing.grpc.version>
diff --git a/prj/etc/dependency-check-suppression.xml b/prj/etc/dependency-check-suppression.xml
@@ -441,17 +441,6 @@
     <cve>CVE-2024-20932</cve>
   </suppress>
 
-  <!-- suppress netty-* CVE-2023-4586 in 4.1.100 -->
-  <suppress>
-    <notes><![CDATA[
-    file name: netty-codec-memcache-4.1.100.Final.jar
-    file name: netty-codec-mqtt-4.1.100.Final.jar
-    file name: netty-transport-4.1.100.Final.jar
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/io\.netty/netty-.*@.*$</packageUrl>
-    <cve>CVE-2023-4586</cve>
-  </suppress>
-
   <!-- suppress plexus-classworlds, plexus-component-annotations- CVE-2022-4244,
    CVE-2022-4245. See COH-28553 - dependency scan plugin needs to be fixed -->
   <suppress>
