Revert "BE: Chore: Bump Spring Boot to 3.5.5 (kafbat#1286)"

This reverts commit d1b55ae.

Author: Yeikel

api/build.gradle

@@ -68,6 +68,8 @@ dependencies {
     // CVE Fixes
     implementation libs.apache.commons.compress
     implementation libs.okhttp3.logging.intercepter
+    implementation libs.reactor.netty.http
+    implementation libs.netty.codec.http2
     // CVE Fixes End
 
     implementation libs.modelcontextprotocol.spring.webflux

gradle/libs.versions.toml

@@ -1,5 +1,5 @@
 [versions]
-spring-boot = '3.5.5'
+spring-boot = '3.5.3'
 nimbus-jose-jwt = '10.0.2'
 
 aws-msk-auth = '2.3.0'
@@ -149,3 +149,8 @@ prometheus-metrics-textformats = { module = 'io.prometheus:prometheus-metrics-ex
 prometheus-metrics-exporter-pushgateway  = { module = 'io.prometheus:prometheus-metrics-exporter-pushgateway', version.ref = 'prometheus'}
 
 snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
+
+# CVE fixes
+reactor-netty-http = {module = 'io.projectreactor.netty:reactor-netty-http', version = '1.2.8'}
+# Fixes https://www.cve.org/CVERecord?id=CVE-2025-55163
+netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124.Final'}