BE: CVE fix of netty http2 (#1268)

Co-authored-by: Yeikel Santana <email@yeikel.com>

Author: germanosin

api/build.gradle

@@ -69,6 +69,7 @@ dependencies {
     implementation libs.apache.commons.compress
     implementation libs.okhttp3.logging.intercepter
     implementation libs.reactor.netty.http
+    implementation libs.netty.codec.http2
     // CVE Fixes End
 
     implementation libs.modelcontextprotocol.spring.webflux

gradle/libs.versions.toml

@@ -153,3 +153,5 @@ snappy = {module = 'org.xerial.snappy:snappy-java', version = '1.1.10.7'}
 
 # CVE fixes
 reactor-netty-http = {module = 'io.projectreactor.netty:reactor-netty-http', version = '1.2.8'}
+# Fixes https://www.cve.org/CVERecord?id=CVE-2025-55163
+netty-codec-http2 = {module = 'io.netty:netty-codec-http2', version = '4.1.124.Final'}