From 4dd55783da6ba0391e20aa41470ffad9957bfc0b Mon Sep 17 00:00:00 2001
From: chrislu <chris.lu@gmail.com>
Date: Sat, 22 Nov 2025 14:22:41 -0800
Subject: [PATCH] security: upgrade Netty to 4.1.118.Final

- Upgrade from 4.1.115.Final to 4.1.118.Final
- Fixes CVE-2025-24970: improper validation in SslHandler
- Fixes CVE-2024-47535: unsafe environment file reading on Windows
- Fixes CVE-2024-29025: HttpPostRequestDecoder resource exhaustion
- Addresses GHSA-prj3-ccx8-p6x4 and related vulnerabilities
---
 test/java/spark/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/java/spark/pom.xml b/test/java/spark/pom.xml
index 0f75e4904..b70d7b833 100644
--- a/test/java/spark/pom.xml
+++ b/test/java/spark/pom.xml
@@ -22,7 +22,7 @@
         <junit.version>4.13.2</junit.version>
         <seaweedfs.hadoop3.client.version>3.80</seaweedfs.hadoop3.client.version>
         <jackson.version>2.15.3</jackson.version>
-        <netty.version>4.1.115.Final</netty.version>
+        <netty.version>4.1.118.Final</netty.version>
         <surefire.jvm.args>
             -Xmx2g
             -Dhadoop.home.dir=/tmp