From 777116cdb2438b951ba29021054adc9552ae9cc6 Mon Sep 17 00:00:00 2001
From: Ralph Ursprung <Ralph.Ursprung@avaloq.com>
Date: Tue, 11 Feb 2025 14:51:49 +0100
Subject: [PATCH] bump netty to 4.1.118.Final

this resolves CVE-2025-24970.

Signed-off-by: Ralph Ursprung <Ralph.Ursprung@avaloq.com>
---
 CHANGELOG.md              | 1 +
 gradle/libs.versions.toml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8fb2c2d1e06f6..72ce64d72d033 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -82,6 +82,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Bump `com.google.code.gson:gson` from 2.11.0 to 2.12.1 ([#17229](https://github.com/opensearch-project/OpenSearch/pull/17229))
 - Bump `org.jruby.joni:joni` from 2.2.1 to 2.2.3 ([#17136](https://github.com/opensearch-project/OpenSearch/pull/17136))
 - Bump `org.apache.ant:ant` from 1.10.14 to 1.10.15 ([#17288](https://github.com/opensearch-project/OpenSearch/pull/17288))
+- Bump netty from 4.1.117.Final to 4.1.118.Final ([#](https://github.com/opensearch-project/OpenSearch/pull/))
 
 ### Changed
 - Indexed IP field supports `terms_query` with more than 1025 IP masks [#16391](https://github.com/opensearch-project/OpenSearch/pull/16391)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 1e3153078a2f5..32b8cb431afeb 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -32,7 +32,7 @@ grpc              = "1.68.2"
 # when updating the JNA version, also update the version in buildSrc/build.gradle
 jna               = "5.13.0"
 
-netty             = "4.1.117.Final"
+netty             = "4.1.118.Final"
 joda              = "2.12.7"
 roaringbitmap     = "1.3.0"