From 0851ea8486c2c4fbffe03ef477628a6ee26ab5aa Mon Sep 17 00:00:00 2001 From: Krishnananthalingam Tharmigan <63336800+TharmiganK@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:45:49 +0530 Subject: [PATCH 1/3] Update http version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 735f4a98..ce0efde2 100644 --- a/gradle.properties +++ b/gradle.properties @@ -8,7 +8,7 @@ githubJohnrengelmanShadowVersion=8.1.1 checkstyleToolVersion=7.8.2 githubSpotbugsVersion=5.0.14 testngVersion=7.6.1 -nettyVersion=4.1.115.Final +nettyVersion=4.1.118.Final underCouchDownloadVersion=5.4.0 researchgateReleaseVersion=2.8.0 slf4jVersion=1.7.30 From d327826059e3ae2a1571e2223cf2520580ecb1ae Mon Sep 17 00:00:00 2001 From: Krishnananthalingam Tharmigan <63336800+TharmiganK@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:49:36 +0530 Subject: [PATCH 2/3] Update changelog --- changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/changelog.md b/changelog.md index 67749f06..8ccc7e10 100644 --- a/changelog.md +++ b/changelog.md @@ -3,6 +3,12 @@ This file contains all the notable changes done to the Ballerina UDP package thr The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [Unreleased] + +### Fixed + +- [Address Netty security vulnerabilities: `CVE-2025-24970` and `CVE-2025-25193`](https://github.com/ballerina-platform/ballerina-library/issues/7571) + ## [1.11.1] - 2024-11-19 ### Fixed From 37bf81178f6420afa3bfda2f3911561d10a01bab Mon Sep 17 00:00:00 2001 From: Krishnananthalingam Tharmigan <63336800+TharmiganK@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:50:52 +0530 Subject: [PATCH 3/3] Ignore CVE-2025-25193 --- .trivyignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .trivyignore 
diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000..a9ce4994 --- /dev/null +++ b/.trivyignore @@ -0,0 +1 @@ +CVE-2025-25193
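Review bot: The subject of PATCH 1/3, "Update http version", does not match the only line it changes in gradle.properties, which is `nettyVersion` moving from 4.1.115.Final to 4.1.118.Final. Rename the commit to name the dependency and target version (for example "Bump Netty to 4.1.118.Final") so the security-relevant bump can be found from the log without opening the diff.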
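Review bot: The new `### Fixed` entry in changelog.md (PATCH 2/3) lists `CVE-2025-25193` as addressed, but PATCH 3/3 of the same series adds that ID to .trivyignore, which suggests the scanner still reports it after the Netty bump. Either drop `CVE-2025-25193` from the entry or word the entry so it says that this finding is suppressed rather than fixed, with the reason, so readers of the changelog do not assume both CVEs are remediated.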
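Review bot: The single line in the new .trivyignore (PATCH 3/3), `CVE-2025-25193`, carries no justification, so nothing in the file or in the commit message "Ignore CVE-2025-25193" records why the finding is accepted or when it should be revisited. Add a `#` comment line above the ID giving the reason and the tracking issue already linked from the changelog, and consider an expiry on the entry (`exp:YYYY-MM-DD` after the ID) so the suppression lapses instead of becoming permanent.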