From 5671dc56886404d5c27e006634d850345115d1a3 Mon Sep 17 00:00:00 2001
From: David Venable <dlv@amazon.com>
Date: Mon, 16 Feb 2026 12:46:39 -0600
Subject: [PATCH] Update Netty to 4.1.131. Resolves CVE-2025-67735,
 CVE-2025-59419. (#6518)

Signed-off-by: David Venable <dlv@amazon.com>
(cherry picked from commit 5ebad970eaf6113423317a83f79ecae33925af73)
---
 build.gradle | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/build.gradle b/build.gradle
index d610c8027d..4a90a9b8bf 100644
--- a/build.gradle
+++ b/build.gradle
@@ -237,11 +237,11 @@ subprojects {
         resolutionStrategy.eachDependency { def details ->
             if (details.requested.group == 'io.netty') {
                 if (details.requested.name == 'netty') {
-                    details.useTarget group: 'io.netty', name: 'netty-all', version: '4.1.124.Final'
-                    details.because 'Fixes CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
+                    details.useTarget group: 'io.netty', name: 'netty-all', version: '4.1.131.Final'
+                    details.because 'Fixes CVE-2025-67735, CVE-2025-59419, CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
                 } else if (!details.requested.name.startsWith('netty-tcnative')) {
-                    details.useVersion '4.1.125.Final'
-                    details.because 'Fixes CVE-2025-58057, CVE-2025-58056, CVE-2025-55163, CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
+                    details.useVersion '4.1.131.Final'
+                    details.because 'Fixes CVE-2025-67735, CVE-2025-59419, CVE-2025-58057, CVE-2025-58056, CVE-2025-55163, CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
                 }
             } else if (details.requested.group == 'log4j' && details.requested.name == 'log4j') {
                 details.useTarget group: 'org.apache.logging.log4j', name: 'log4j-1.2-api', version: '2.17.1'