Update Netty to 4.1.131. Resolves CVE-2025-67735, CVE-2025-59419. (#6518) (#6521)

opensearch-trigger-bot[bot] · dlvenable · web-flow · commit 5a3ef6eb997b · 2026-02-16T10:47:25.000-08:00
(cherry picked from commit 5ebad97) Signed-off-by: David Venable <dlv@amazon.com> Co-authored-by: David Venable <dlv@amazon.com>
diff --git a/build.gradle b/build.gradle
@@ -237,11 +237,11 @@ subprojects {
         resolutionStrategy.eachDependency { def details ->
             if (details.requested.group == 'io.netty') {
                 if (details.requested.name == 'netty') {
-                    details.useTarget group: 'io.netty', name: 'netty-all', version: '4.1.124.Final'
-                    details.because 'Fixes CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
+                    details.useTarget group: 'io.netty', name: 'netty-all', version: '4.1.131.Final'
+                    details.because 'Fixes CVE-2025-67735, CVE-2025-59419, CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
                 } else if (!details.requested.name.startsWith('netty-tcnative')) {
-                    details.useVersion '4.1.125.Final'
-                    details.because 'Fixes CVE-2025-58057, CVE-2025-58056, CVE-2025-55163, CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
+                    details.useVersion '4.1.131.Final'
+                    details.because 'Fixes CVE-2025-67735, CVE-2025-59419, CVE-2025-58057, CVE-2025-58056, CVE-2025-55163, CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
                 }
             } else if (details.requested.group == 'log4j' && details.requested.name == 'log4j') {
                 details.useTarget group: 'org.apache.logging.log4j', name: 'log4j-1.2-api', version: '2.17.1'
