From 9db84cbb33509a5226d985c55263db6f5464d5e0 Mon Sep 17 00:00:00 2001
From: Alexander01998
Date: Thu, 14 Nov 2024 15:36:43 +0100
Subject: [PATCH] Force-update netty to patch CVE-2024-47535

As with the msal4j exploit, this is bundled with Minecraft so you will get the vulnerable version anyways until Mojang updates.
---
 build.gradle | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.gradle b/build.gradle
index 5bbd2cc..efe5cfb 100644
--- a/build.gradle
+++ b/build.gradle
@@ -27,11 +27,13 @@ repositories {
 // for more information about repositories.
 }

-// Override vulnerable msal4j dependency until Minecraft updates to a newer version
+// Override vulnerable dependencies until Minecraft updates to newer versions
 configurations.all {
 resolutionStrategy {
- // v1.15.0, used by Minecraft 1.21.3, is vulnerable to CVE-2024-35255
- force 'com.microsoft.azure:msal4j:1.17.2'
+ // v1.15.0, used by Minecraft 1.21.2 and 1.21.3, is vulnerable to CVE-2024-35255
+ force "com.microsoft.azure:msal4j:1.17.2"
+ // v4.1.97.Final, used by Minecraft 1.21 - 1.21.3, is vulnerable to CVE-2024-47535
+ force "io.netty:netty-common:4.1.115.Final"
 }
 }

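Review bot: The new `force "io.netty:netty-common:4.1.115.Final"` line pins only netty-common, so any other io.netty modules that Minecraft pulls in presumably stay at 4.1.97.Final and the build classpath ends up with mixed Netty versions; it is worth confirming that the dev environment still starts cleanly with that skew. The comments in the `configurations.all` block also leave out what the commit message states, that the library is bundled with Minecraft and users get the vulnerable version anyway until Mojang updates. That matters because a dependency scan of this build may now report the CVE as resolved while the shipped runtime is unchanged. I would add a line above `configurations.all` such as `// Only affects this build's dependency resolution; the copies bundled with Minecraft stay vulnerable until Mojang updates`.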