From 557d3e21297795a5da4b10f870246eb1ee57e4db Mon Sep 17 00:00:00 2001
From: Spolti <fspolti@redhat.com>
Date: Tue, 18 Feb 2025 11:27:48 -0300
Subject: [PATCH] Fix CVE-2025-24970

chore:	Fix [CVE-2025-24970](https://github.com/advisories/GHSA-4g8c-wm8x-jfhw)
	SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Signed-off-by: Spolti <fspolti@redhat.com>
---
 pom.xml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index ed761dbe..8b719bfd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -57,8 +57,8 @@
     <!--suppress UnresolvedMavenProperty -->
     <jenkins-build-tag>${env.BUILD_TAG}</jenkins-build-tag>  <!-- set by jenkins -->
 
-    <grpc-version>1.60.2</grpc-version>
-    <netty-version>4.1.108.Final</netty-version>
+    <grpc-version>1.63.2</grpc-version>
+    <netty-version>4.1.118.Final</netty-version>
     <litelinks-version>1.7.2</litelinks-version>
     <kv-utils-version>0.5.1</kv-utils-version>
     <etcd-java-version>0.0.24</etcd-java-version>
@@ -437,6 +437,10 @@
       <groupId>io.grpc</groupId>
       <artifactId>grpc-netty</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-core</artifactId>
+    </dependency>
 
     <!-- This is required for compiling on java11+, to provide
        the @Generated annotation used in the protoc-generated