bump netty to 4.1.118.Final

[rursprung]

Description

this resolves CVE-2025-24970.

Related Issues

n/a

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[rursprung]

please add the backport labels for 2.x, 2.19 and probably 2.19.0 (it'd be good if this would land in the 2.19.0 release as it's a CVE classified as "high" and now starts to pop up on all dependency scanners)

the changelog verifier currently fails due to the missing backport labels

[github-actions]

❌ Gradle check result for 2c8c5e2: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 844975e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[cwperks]

TY @rursprung!

[github-actions]

✅ Gradle check result for 844975e: SUCCESS

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.36%. Comparing base (302a3fd) to head (844975e).
Report is 1 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #17320      +/-   ##
============================================
- Coverage     72.47%   72.36%   -0.12%     
+ Complexity    65618    65522      -96     
============================================
  Files          5291     5291              
  Lines        304347   304347              
  Branches      44182    44182              
============================================
- Hits         220578   220227     -351     
- Misses        65670    66031     +361     
+ Partials      18099    18089      -10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[opensearch-trigger-bot]

The backport to 2.19 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.19 2.19
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.19
# Create a new branch
git switch --create backport/backport-17320-to-2.19
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 c82fffe8e333a8fff600dc22fa2e1aed7276d180
# Push it to GitHub
git push --set-upstream origin backport/backport-17320-to-2.19
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.19

Then, create a pull request where the base branch is 2.19 and the compare/head branch is backport/backport-17320-to-2.19.

[cwperks]

Took a quick glance at GHSA-4g8c-wm8x-jfhw and I don't see any usages in the security repo of the affected code: context.newHandler(....) which uses the native SSL Engine. I do see usages of newEngine in the security repo.