KUDU-3581: upgrade Netty to 4.1.110.Final Even if Kudu doesn't use anything from Netty at its server side and is not affected by the HTTP/2 rapid reset issue, it makes sense to upgrade the Netty package used by the Kudu Java client library to include the fix for well-known CVE [1]. It would be enough to upgrade up to 4.1.100.Final, but I took the liberty of upgrading up to the latest available 4.1.110.Final version. [1] https://www.cve.org/CVERecord?id=CVE-2023-44487 Change-Id: I6e2ad686374b06d7b8cb28a7a456c21977b95ea8 Reviewed-on: http://gerrit.cloudera.org:8080/21464 Tested-by: Alexey Serbin <alexey@apache.org> Reviewed-by: Yingchun Lai <laiyingchun@apache.org>

commit: 8d5f82483665fd6229d08fdfe94c87b07f80f986 [log] [tgz]
author: Alexey Serbin <alexey@apache.org> Tue May 28 16:52:14 2024 -0700
committer: Alexey Serbin <alexey@apache.org> Wed May 29 05:57:06 2024 +0000
tree: b932b2d1a0d65a1eb5d596e39eba6d636f8dc083
parent: cf550d6d7cdd61f6c65f9ef75a1706cb91839876 [diff]
diff --git a/java/gradle/dependencies.gradle b/java/gradle/dependencies.gradle
index 2a9724a..e205649 100755
--- a/java/gradle/dependencies.gradle
+++ b/java/gradle/dependencies.gradle

@@ -49,7 +49,7 @@
     micrometer     : "1.8.2",
     mockito        : "4.2.0",
     murmur         : "1.0.0",
-    netty          : "4.1.94.Final",
+    netty          : "4.1.110.Final",
     osdetector     : "1.6.2",
     protobuf       : "3.21.12",
     ranger         : "2.1.0",
commit	8d5f82483665fd6229d08fdfe94c87b07f80f986	[log] [tgz]
author	Alexey Serbin <alexey@apache.org>	Tue May 28 16:52:14 2024 -0700
committer	Alexey Serbin <alexey@apache.org>	Wed May 29 05:57:06 2024 +0000
tree	b932b2d1a0d65a1eb5d596e39eba6d636f8dc083
parent	cf550d6d7cdd61f6c65f9ef75a1706cb91839876 [diff]