
Commit 4eb8973

BE: Chore: Overwrite Netty temporarily (#1323)
1 parent 5f439f3 commit 4eb8973


3 files changed

+20
-0
lines changed


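--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -20,10 +20,19 @@ updates:
 update-types:
 - "patch"
 - "minor"
+exclude-patterns:
+- "org.springframework.boot:*"
+- "io.spring.dependency-management"
+# All netty references are temporary overwrites that must be set carefully
+# We do not need dependabot to send pull requests
+- "io.netty:*"
 other-dependencies:
 exclude-patterns:
 - "org.springframework.boot:*"
 - "io.spring.dependency-management"
+# All netty references are temporary overwrites that must be set carefully
+# We do not need dependabot to send pull requests
+- "io.netty:*"
 patterns:
 - "*"
 update-types: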
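Review bot: The added `- "io.netty:*"` entries sit under `exclude-patterns` of two groups, which only keeps Netty out of those grouped pull requests; as far as I know Dependabot still raises individual pull requests for dependencies excluded from a group, so the comment "We do not need dependabot to send pull requests" describes something these lines do not do. If the intent is to silence Netty updates while the override exists, that needs an `ignore` entry on the update block, for example `- dependency-name: "io.netty:*"` under `ignore:`, unless one already exists outside this hunk. Whichever form is kept, the comment should state when the exclusion is to be removed, because an override that nothing monitors will not be raised for the next Netty advisory. The name of the first group and the start of the `updates:` entry are outside the hunk.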

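--- a/api/build.gradle
+++ b/api/build.gradle
@@ -68,6 +68,10 @@ dependencies {
 // CVE Fixes
 implementation libs.apache.commons.compress
 implementation libs.okhttp3.logging.intercepter
+// START Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057
+implementation libs.netty.codec
+implementation libs.netty.codec.http
+// END Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057
 // CVE Fixes End
 
 implementation libs.modelcontextprotocol.spring.webflux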
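Review bot: Only `libs.netty.codec` and `libs.netty.codec.http` are raised here, so any other `io.netty` artifact on the runtime classpath presumably stays at the version the Spring Boot BOM manages, leaving a mixed-version Netty. If the build applies the `io.spring.dependency-management` plugin (the Dependabot config in this commit suggests it does), overriding the BOM property once with `ext['netty.version'] = '4.1.125.Final'` would move every Netty module together and also cover transitive resolutions. It is also worth confirming the resolved version for the api project with `gradle dependencyInsight --dependency netty-codec-http --configuration runtimeClasspath`, since a declared version that the BOM overrides would leave the two CVEs unfixed without any build error. The `dependencies {` block starts and ends outside the hunk.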

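--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,6 +1,7 @@
 [versions]
 spring-boot = '3.5.5'
 nimbus-jose-jwt = '10.0.2'
+netty = '4.1.125.Final'
 
 aws-msk-auth = '2.3.0'
 azure-identity = '1.15.4'
@@ -149,3 +150,9 @@ prometheus-metrics-textformats = { module = 'io.prometheus:prometheus-metrics-ex
 prometheus-metrics-exporter-pushgateway = { module = 'io.prometheus:prometheus-metrics-exporter-pushgateway', version.ref = 'prometheus'}
 
 snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
+
+# CVE fixes
+# START Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057
+netty-codec = {module = 'io.netty:netty-codec', version.ref = 'netty'}
+netty-codec-http = {module = 'io.netty:netty-codec-http', version.ref = 'netty'}
+# END Fixes https://www.cve.org/CVERecord?id=CVE-2025-58056 and https://www.cve.org/CVERecord?id=CVE-2025-58057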
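Review bot: The `netty = '4.1.125.Final'` entry in the first hunk is described as temporary in the commit title but carries no removal condition, and this commit also excludes `io.netty:*` from the Dependabot groups, so nothing will flag the pin once it is stale. When a later Spring Boot upgrade manages a newer Netty, a version declared on the direct dependency may keep `netty-codec` and `netty-codec-http` at 4.1.125.Final, below the rest of the Netty modules; this depends on how the BOM is applied, which is not visible here. I would put the condition next to the version, for example `# Remove once the Spring Boot BOM manages Netty >= 4.1.125.Final`, so that the override gets re-checked on the next `spring-boot` bump.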
