KUDU-3581: upgrade Netty to 4.1.110.Final
Even if Kudu doesn't use anything from Netty at its server side and
is not affected by the HTTP/2 rapid reset issue, it makes sense to
upgrade the Netty package used by the Kudu Java client library
to include the fix for well-known CVE [1]. It would be enough to
upgrade up to 4.1.100.Final, but I took the liberty of upgrading
up to the latest available 4.1.110.Final version.
[1] https://www.cve.org/CVERecord?id=CVE-2023-44487
Change-Id: I6e2ad686374b06d7b8cb28a7a456c21977b95ea8
Reviewed-on: http://gerrit.cloudera.org:8080/21464
Tested-by: Alexey Serbin <alexey@apache.org>
Reviewed-by: Yingchun Lai <laiyingchun@apache.org>
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index 2a9724a..e205649 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle
@@ -49,7 +49,7 @@
micrometer : "1.8.2",
mockito : "4.2.0",
murmur : "1.0.0",
- netty : "4.1.94.Final",
+ netty : "4.1.110.Final",
osdetector : "1.6.2",
protobuf : "3.21.12",
ranger : "2.1.0",