Commits
Bryan Cutler authored and GitHub committed ea4f03ac166
GH-36209: [Java] Upgrade Netty due to security vulnerability (#36211) ### Rationale for this change Upgrading Netty dependency due to CVE https://github.com/advisories/GHSA-6mjq-h674-j845 This also requires a patch to arrow-memory ### What changes are included in this PR? Upgrading Netty, gRPC and Protobuf dependencies ### Are these changes tested? Existing tests ### Are there any user-facing changes? No **This PR contains a "Critical Fix".** netty-handler SniHandler 16MB allocation The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. https://github.com/advisories/GHSA-6mjq-h674-j845 * Closes: #36209 Authored-by: Bryan Cutler <cutlerb@gmail.com> Signed-off-by: David Li <li.davidm96@gmail.com>