From aab044d1e20cc04acb5ad539ef6f4c35cbc89ead Mon Sep 17 00:00:00 2001
From: German Osin
Date: Thu, 14 Aug 2025 15:29:43 +0300
Subject: [PATCH 1/3] Added fixed version of netty http2
---
 api/build.gradle | 1 +
 gradle/libs.versions.toml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/api/build.gradle b/api/build.gradle
index 582ed0ed4..b6fedb7a5 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -69,6 +69,7 @@ dependencies {
 implementation libs.apache.commons.compress
 implementation libs.okhttp3.logging.intercepter
 implementation libs.reactor.netty.http
+ implementation libs.netty.codec.http2
 // CVE Fixes End
 implementation libs.modelcontextprotocol.spring.webflux
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index c020b6f2d..60ba10771 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -153,3 +153,4 @@ snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
 # CVE fixes
 reactor-netty-http = {module = 'io.projectreactor.netty:reactor-netty-http', version = '1.2.8'}
+netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124'}
From 487139b234d9b0e560474cab202ff067c27be92d Mon Sep 17 00:00:00 2001
From: German Osin
Date: Thu, 14 Aug 2025 15:33:49 +0300
Subject: [PATCH 2/3] Added fixed version of netty http2
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 60ba10771..bbe45ac82 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -153,4 +153,4 @@ snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
 # CVE fixes
 reactor-netty-http = {module = 'io.projectreactor.netty:reactor-netty-http', version = '1.2.8'}
-netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124'}
+netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124.Final'}
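Review bot: In the api/build.gradle hunk of PATCH 1/3, `implementation libs.netty.codec.http2` pins a single Netty module as a direct dependency, while the other Netty artifacts still arrive transitively through reactor-netty-http and may resolve to a different 4.1.x release. Netty modules are intended to run at one common version, so bumping only the HTTP/2 codec can leave a mixed classpath that fails at runtime rather than at build time. Since the module is presumably not used directly by the api code, a constraint states the intent better and records the reason, e.g. `constraints { implementation(libs.netty.codec.http2) { because 'CVE-2025-55163' } }`, or all modules could be aligned through `io.netty:netty-bom`. It is worth confirming the version that actually ends up on the runtime classpath with the `dependencyInsight` task before relying on this as the fix. The dependencies block starts and ends outside the hunk.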
From 135a66bf56c6b8530224cc7cf631dee5fef516dd Mon Sep 17 00:00:00 2001
From: German Osin
Date: Thu, 14 Aug 2025 19:24:08 +0300
Subject: [PATCH 3/3] Update gradle/libs.versions.toml
Co-authored-by: Yeikel Santana
---
 gradle/libs.versions.toml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index bbe45ac82..94e022899 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -153,4 +153,5 @@ snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
 # CVE fixes
 reactor-netty-http = {module = 'io.projectreactor.netty:reactor-netty-http', version = '1.2.8'}
+# Fixes https://www.cve.org/CVERecord?id=CVE-2025-55163
 netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124.Final'}