From 35b3081ca58ffe5807a0049be462abc4e39bc2b5 Mon Sep 17 00:00:00 2001
From: labkey-susanh
Date: Wed, 15 Apr 2026 12:55:46 -0700
Subject: [PATCH 1/2] Update to netty version 4.2.12.Final to address CVEs
---
 gradle.properties | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gradle.properties b/gradle.properties
index e0c423c4ac..a0db6ffc61 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -266,8 +266,8 @@ modelContextProtocolVersion=1.1.1
 mssqlJdbcVersion=13.2.1.jre11
-# Netty - transitive dependency via azure-core-http-netty; force for CVE-2025-67735
-nettyVersion=4.2.8.Final
+# Netty - transitive dependency via azure-core-http-netty; force for CVE-2025-67735, CVE-2026-33871, CVE-2026-33870
+nettyVersion=4.2.12.Final
 # Reactor - transitive dependency via azure-core; force for version consistency across modules
 reactorCoreVersion=3.8.1
From bdf155ea7c772bcfa9208db8bffd9c5746da1e66 Mon Sep 17 00:00:00 2001
From: labkey-susanh
Date: Thu, 16 Apr 2026 06:18:03 -0700
Subject: [PATCH 2/2] remove less-recent CVE reference
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index a0db6ffc61..8247427360 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -266,7 +266,7 @@ modelContextProtocolVersion=1.1.1
 mssqlJdbcVersion=13.2.1.jre11
-# Netty - transitive dependency via azure-core-http-netty; force for CVE-2025-67735, CVE-2026-33871, CVE-2026-33870
+# Netty - transitive dependency via azure-core-http-netty; force for CVE-2026-33871, CVE-2026-33870
 nettyVersion=4.2.12.Final
 # Reactor - transitive dependency via azure-core; force for version consistency across modules
 reactorCoreVersion=3.8.1