From a8e6c9d1c5f9257f40f431aca3edacf0fdc9769d Mon Sep 17 00:00:00 2001
From: Suresh Prakash <suresh.prakash@traceable.ai>
Date: Tue, 16 Jun 2026 18:05:14 +0530
Subject: [PATCH 1/2] NO-TICKET/[agent-vuln-fix] Upgrade netty 4.1.133.Final ->
 4.2.13.Final (CVE-2026-42582)

CVE-2026-42582 (CVSS 8.8): Netty vulnerability affecting all io.netty artifacts.
Fix version per NVD: 4.2.13.Final (confirmed available in Maven Central).

Cascade fix: Traceableai/api-anomaly-detection -> traceable-bom -> hypertrace-bom

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 66e3bf6..9d6287f 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -10,7 +10,7 @@ hypertrace-gatewayservice = "0.3.9"
 hypertrace-entityservice = "0.8.86"
 hypertrace-configservice = "0.1.74"
 jetty = "12.1.9"
-netty = "4.1.133.Final"
+netty = "4.2.13.Final"
 
 junit = "5.10.0"
 mockito = "5.8.0"

From d52b67fc29d155c6b18baab1a1d1b956226a26da Mon Sep 17 00:00:00 2001
From: Suresh Prakash <suresh.prakash@traceable.ai>
Date: Wed, 17 Jun 2026 15:35:40 +0530
Subject: [PATCH 2/2] NO-TICKET/[agent-vuln-fix] Upgrade netty 4.2.13.Final ->
 4.2.15.Final (CVE-2026-46340 et al)

---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9d6287f..35c55ec 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -10,7 +10,7 @@ hypertrace-gatewayservice = "0.3.9"
 hypertrace-entityservice = "0.8.86"
 hypertrace-configservice = "0.1.74"
 jetty = "12.1.9"
-netty = "4.2.13.Final"
+netty = "4.2.15.Final"
 
 junit = "5.10.0"
 mockito = "5.8.0"