From a3374d7f3fe6831fd640ed4fe589e0ab4e6fe920 Mon Sep 17 00:00:00 2001
From: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Date: Thu, 16 Apr 2026 13:31:21 +0000
Subject: [PATCH] Fix CVE-2025-58057: override transitive Netty to patched netty-bom 4.1.125.Final

---
 pom.xml |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/pom.xml b/pom.xml
index 55422cf..f4a760b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -154,6 +154,15 @@
         		<scope>import</scope>
         	</dependency>
 
+            <!-- Fix CVE-2025-58057: Override transitive Netty to patched version -->
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-bom</artifactId>
+                <version>4.1.125.Final</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
             <dependency>
                 <groupId>com.io7m.jcip</groupId>
                 <artifactId>com.io7m.jcip.annotations</artifactId>

--
Gitblit v1.10.0