From 1be56d4e8135e0a1775e6f91f4039855eaa5e148 Mon Sep 17 00:00:00 2001 From: Erik Merkle Date: Tue, 11 Nov 2025 11:48:58 -0600 Subject: [PATCH] CNDB-16024: HCD-205: Upgrade Netty to 4.1.128.Final (#2063) This patch upgrades Netty to address CVEs: CVE-2025-55163 CVE-2025-58056 CVE-2025-58057 CVE-2025-59419 A recent security scan of HCD 1.2.3 shows a vulnerable version of Netty. This patch updates Netty to 4.1.128.Final to address CVEs: CVE-2025-55163 CVE-2025-58056 CVE-2025-58057 CVE-2025-59419 --- .build/parent-pom-template.xml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.build/parent-pom-template.xml b/.build/parent-pom-template.xml index d079b091690..010dbc14bbb 100644 --- a/.build/parent-pom-template.xml +++ b/.build/parent-pom-template.xml @@ -39,6 +39,7 @@ 1.14.17 4.0.23 0.5.1 + 4.1.128.Final @asm.version@ @@ -733,7 +734,7 @@ io.netty netty-all - 4.1.119.Final + ${netty.version} io.netty @@ -827,18 +828,18 @@ io.netty netty-transport-native-epoll - 4.1.119.Final + ${netty.version} io.netty netty-transport-native-epoll - 4.1.119.Final + ${netty.version} linux-x86_64 io.netty netty-transport-native-epoll - 4.1.119.Final + ${netty.version} linux-aarch_64