Upgrade Netty to 4.1.133.Final

vkalapov · vkalapov · commit 3ee30bb93d23 · 2026-05-19T11:05:21.000+03:00
diff --git a/pom.xml b/pom.xml
@@ -39,6 +39,8 @@
         <cloudfoundry-client.version>5.16.0.RELEASE</cloudfoundry-client.version>
         <!--reactor netty 1.3.x uses direct memory leading to OOM errors-->
         <reactor-netty.version>1.2.17</reactor-netty.version>
+        <!-- Override Netty version to fix CVE-2026-42583 (Lz4FrameDecoder resource exhaustion) -->
+        <netty.version>4.1.133.Final</netty.version>
         <swagger.version>1.6.16</swagger.version>
         <jclouds.version>2.7.0</jclouds.version>
         <guava.version>33.5.0-jre</guava.version>
@@ -291,6 +293,14 @@
     </dependencies>
     <dependencyManagement>
         <dependencies>
+            <!-- Override Netty version to fix CVE-2026-42583 -->
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-bom</artifactId>
+                <version>${netty.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
             <dependency>
                 <groupId>org.apache.commons</groupId>
                 <artifactId>commons-compress</artifactId>
