Zookeeper: Fix CVE-2025-24970

CHANGELOG.md

@@ -55,6 +55,7 @@ All notable changes to this project will be documented in this file.
 - spark-connect-client: Add `3.5.6` ([#1142]).
 - git-sync: Bump version to 4.4.1 ([#1151]).
 - zookeeper: bump jetty version for CVE-2024-13009 in 3.9.3 ([#1179])
+- zookeeper: bump netty version for CVE-2025-24970 in 3.9.3 ([#1180])
 
 ### Changed
 
@@ -192,6 +193,7 @@ All notable changes to this project will be documented in this file.
 [#1168]: https://github.com/stackabletech/docker-images/pull/1168
 [#1170]: https://github.com/stackabletech/docker-images/pull/1170
 [#1179]: https://github.com/stackabletech/docker-images/pull/1179
+[#1180]: https://github.com/stackabletech/docker-images/pull/1180
 
 ## [25.3.0] - 2025-03-21
 

zookeeper/stackable/patches/3.9.3/0006-Bumping-netty-to-4.1.119.Final-to-fix-CVE-2025-24970.patch

@@ -0,0 +1,22 @@
+From 60f6980c40d9bdc3b9a447d68fd9c4c02da7d3de Mon Sep 17 00:00:00 2001
+From: Maxi Wittich <[email protected]>
+Date: Tue, 17 Jun 2025 16:53:38 +0200
+Subject: Bumping netty to 4.1.119.Final to fix CVE-2025-24970
+
+---
+ pom.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pom.xml b/pom.xml
+index 9c201245..4d725e5e 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -559,7 +559,7 @@
+     <mockito.version>4.9.0</mockito.version>
+     <hamcrest.version>2.2</hamcrest.version>
+     <commons-cli.version>1.5.0</commons-cli.version>
+-    <netty.version>4.1.113.Final</netty.version>
++    <netty.version>4.1.119.Final</netty.version>
+     <jetty.version>9.4.57.v20241219</jetty.version>
+     <jackson.version>2.15.2</jackson.version>
+     <jline.version>2.14.6</jline.version>