fix(security): upgrade netty-codec-http to 4.2.13.Final to fix GHSA-xxqh-mfjm-7mv9

Copilot · gygrobot · web-flow · commit c7bf73a4c610 · 2026-05-22T14:28:21.000Z
Agent-Logs-Url: https://github.com/getyourguide/openapi-validation-java/sessions/3a972867-0314-484a-b5c4-002a1e61c727 Co-authored-by: gygrobot <19344429+gygrobot@users.noreply.github.com>
diff --git a/build.gradle b/build.gradle
@@ -35,6 +35,11 @@ subprojects {
                 useVersion('11.0.21')
                 because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6: Apache Tomcat < 11.0.21 vulnerabilities')
             }
+            if (requested.group == 'io.netty' && requested.name == 'netty-codec-http'
+                    && requested.version != null && requested.version < '4.2.13.Final') {
+                useVersion('4.2.13.Final')
+                because('GHSA-xxqh-mfjm-7mv9: Netty HTTP/1.0 TE+CL coexistence bypasses smuggling sanitization')
+            }
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,11 @@ subprojects {`
`35`	`35`	`useVersion('11.0.21')`
`36`	`36`	`because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6: Apache Tomcat < 11.0.21 vulnerabilities')`
`37`	`37`	`}`
	`38`	`+ if (requested.group == 'io.netty' && requested.name == 'netty-codec-http'`
	`39`	`+ && requested.version != null && requested.version < '4.2.13.Final') {`
	`40`	`+ useVersion('4.2.13.Final')`
	`41`	`+ because('GHSA-xxqh-mfjm-7mv9: Netty HTTP/1.0 TE+CL coexistence bypasses smuggling sanitization')`
	`42`	`+ }`
`38`	`43`	`}`
`39`	`44`	`}`
`40`	`45`