From f3d29e3c20623283584d79469ad24a7d1b626a9a Mon Sep 17 00:00:00 2001
From: David Rabinowitz <davidrabinowitz@users.noreply.github.com>
Date: Mon, 7 Aug 2023 08:42:03 -0700
Subject: [PATCH] CVE-2023-34462: Upgrading netty (#1039)

---
 CHANGES.md                    | 2 ++
 spark-bigquery-parent/pom.xml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 957fcb509..ef8159d0f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,6 +2,8 @@
 
 ## Next
 
+* CVE-2023-34462: Upgrading netty to verision 4.1.96.Final
+
 ## 0.32.1 - 2023-08-03
 
 * PR #1025: Handle Java 8 types for dates and timestamps when compiling filters. Thanks @tom-s-powell !
diff --git a/spark-bigquery-parent/pom.xml b/spark-bigquery-parent/pom.xml
index 4b137b97e..9684e7a12 100644
--- a/spark-bigquery-parent/pom.xml
+++ b/spark-bigquery-parent/pom.xml
@@ -62,7 +62,7 @@
         <grpc.version>1.55.1</grpc.version>
         <guava.version>32.0.0-jre</guava.version>
         <jackson.version>2.14.2</jackson.version>
-        <netty.version>4.1.92.Final</netty.version>
+        <netty.version>4.1.96.Final</netty.version>
         <paranamer.version>2.8</paranamer.version>
         <protobuf.version>3.23.0</protobuf.version>
         <zstd.version>1.4.9-1</zstd.version>