From 1f687274c40526abecb62d1cbe64d1a9c640d57d Mon Sep 17 00:00:00 2001
From: rmoff
Date: Wed, 7 Jan 2026 12:18:16 +0000
Subject: [PATCH 1/3] Fixes #14983 (CVE-2025-55163)
---
 kafka-connect/build.gradle | 1 +
 1 file changed, 1 insertion(+)
diff --git a/kafka-connect/build.gradle b/kafka-connect/build.gradle
index 44d095e1c6fa..52ac74810bb3 100644
--- a/kafka-connect/build.gradle
+++ b/kafka-connect/build.gradle
@@ -76,6 +76,7 @@ project(':iceberg-kafka-connect:iceberg-kafka-connect-runtime') {
 force 'org.apache.hadoop.thirdparty:hadoop-shaded-guava:1.5.0'
 force 'com.fasterxml.woodstox:woodstox-core:6.7.0'
 force 'commons-beanutils:commons-beanutils:1.11.0'
+ force 'io.grpc:grpc-netty-shaded:1.75.0'
 }
 }
 }
From f32b96972191babbdcbc02d34ac17aa944573b21 Mon Sep 17 00:00:00 2001
From: rmoff
Date: Wed, 7 Jan 2026 14:37:44 +0000
Subject: [PATCH 2/3] Update LICENSE/NOTICE files for grpc-netty-shaded version updates - kafka-connect-runtime: Update to 1.75.0 - gcp-bundle: Update to 1.76.2 (current version)
---
 gcp-bundle/LICENSE | 2 +-
 gcp-bundle/NOTICE | 2 +-
 kafka-connect/kafka-connect-runtime/hive/LICENSE | 2 +-
 kafka-connect/kafka-connect-runtime/hive/NOTICE | 2 +-
 kafka-connect/kafka-connect-runtime/main/LICENSE | 2 +-
 kafka-connect/kafka-connect-runtime/main/NOTICE | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/gcp-bundle/LICENSE b/gcp-bundle/LICENSE
index de9a4007e68f..bf084064669c 100644
--- a/gcp-bundle/LICENSE
+++ b/gcp-bundle/LICENSE
@@ -906,7 +906,7 @@ License: Apache 2.0 - https://opensource.org/licenses/Apache-2.0
 --------------------------------------------------------------------------------
-Group: io.grpc Name: grpc-netty-shaded Version: 1.71.0
+Group: io.grpc Name: grpc-netty-shaded Version: 1.76.2
 Project URL: https://github.com/grpc/grpc-java
 License: Apache 2.0 - https://opensource.org/licenses/Apache-2.0
diff --git a/gcp-bundle/NOTICE b/gcp-bundle/NOTICE
index 5ea9500ec678..465fc754f059 100644
--- a/gcp-bundle/NOTICE
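Review bot: The added `force 'io.grpc:grpc-netty-shaded:1.75.0'` in the `kafka-connect/build.gradle` hunk has no comment saying why the transitive version is pinned, so the build file itself gives no link to CVE-2025-55163 and no cue for when the override can be removed. I would put `// CVE-2025-55163 (#14983): pin grpc-netty-shaded; remove once the transitively resolved version is at least this one` directly above it; the same line is rewritten to 1.76.2 in PATCH 3/3 and the comment applies there unchanged. Because `force` pins an exact version, it would also hold the artifact back if a dependency later asks for a newer release, which is worth stating in that comment. The enclosing block opens outside the hunk, so which configurations the pin covers is presumably best confirmed with a `dependencyInsight` run against the runtime classpath rather than from this diff.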
+++ b/gcp-bundle/NOTICE @@ -29,7 +29,7 @@ from the source code management (SCM) system project uses. -------------------------------------------------------------------------------- -NOTICE for Group: io.grpc Name: grpc-netty-shaded Version: 1.71.0 +NOTICE for Group: io.grpc Name: grpc-netty-shaded Version: 1.76.2 | The Netty Project | ================= diff --git a/kafka-connect/kafka-connect-runtime/hive/LICENSE b/kafka-connect/kafka-connect-runtime/hive/LICENSE index 1f18593b0fad..ffa40a6dcfd2 100644 --- a/kafka-connect/kafka-connect-runtime/hive/LICENSE +++ b/kafka-connect/kafka-connect-runtime/hive/LICENSE @@ -783,7 +783,7 @@ License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.71.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 Project URL (from POM): https://github.com/grpc/grpc-java License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 diff --git a/kafka-connect/kafka-connect-runtime/hive/NOTICE b/kafka-connect/kafka-connect-runtime/hive/NOTICE index bdcaa9a7b64b..67754ea42e31 100644 --- a/kafka-connect/kafka-connect-runtime/hive/NOTICE +++ b/kafka-connect/kafka-connect-runtime/hive/NOTICE @@ -30,7 +30,7 @@ This binary artifact contains code from the following projects: -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.71.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 Notice: | The Netty Project diff --git a/kafka-connect/kafka-connect-runtime/main/LICENSE b/kafka-connect/kafka-connect-runtime/main/LICENSE index c577e143819d..3520cef03028 100644 --- a/kafka-connect/kafka-connect-runtime/main/LICENSE +++ b/kafka-connect/kafka-connect-runtime/main/LICENSE 
@@ -722,7 +722,7 @@ License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.71.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 Project URL (from POM): https://github.com/grpc/grpc-java License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 diff --git a/kafka-connect/kafka-connect-runtime/main/NOTICE b/kafka-connect/kafka-connect-runtime/main/NOTICE index f2be4788082c..4604727e7ed5 100644 --- a/kafka-connect/kafka-connect-runtime/main/NOTICE +++ b/kafka-connect/kafka-connect-runtime/main/NOTICE @@ -30,7 +30,7 @@ This binary artifact contains code from the following projects: -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.71.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 Notice: | The Netty Project From ed3769b67046791d095dfa1cbb8c0ab71c4abd10 Mon Sep 17 00:00:00 2001 From: rmoff Date: Thu, 8 Jan 2026 09:29:12 +0000 Subject: [PATCH 3/3] Upgrade grpc-netty-shaded to 1.76.2 Addressing review feedback to use 1.76.2 instead of 1.75.0 for consistency with gcp-bundle which already uses 1.76.2. --- kafka-connect/build.gradle | 2 +- kafka-connect/kafka-connect-runtime/hive/LICENSE | 2 +- kafka-connect/kafka-connect-runtime/hive/NOTICE | 2 +- kafka-connect/kafka-connect-runtime/main/LICENSE | 2 +- kafka-connect/kafka-connect-runtime/main/NOTICE | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/kafka-connect/build.gradle b/kafka-connect/build.gradle index 52ac74810bb3..5f145312695a 100644 --- a/kafka-connect/build.gradle +++ b/kafka-connect/build.gradle 
@@ -76,7 +76,7 @@ project(':iceberg-kafka-connect:iceberg-kafka-connect-runtime') { force 'org.apache.hadoop.thirdparty:hadoop-shaded-guava:1.5.0' force 'com.fasterxml.woodstox:woodstox-core:6.7.0' force 'commons-beanutils:commons-beanutils:1.11.0' - force 'io.grpc:grpc-netty-shaded:1.75.0' + force 'io.grpc:grpc-netty-shaded:1.76.2' } } } diff --git a/kafka-connect/kafka-connect-runtime/hive/LICENSE b/kafka-connect/kafka-connect-runtime/hive/LICENSE index ffa40a6dcfd2..caccc7ff83a7 100644 --- a/kafka-connect/kafka-connect-runtime/hive/LICENSE +++ b/kafka-connect/kafka-connect-runtime/hive/LICENSE @@ -783,7 +783,7 @@ License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.76.2 Project URL (from POM): https://github.com/grpc/grpc-java License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 diff --git a/kafka-connect/kafka-connect-runtime/hive/NOTICE b/kafka-connect/kafka-connect-runtime/hive/NOTICE index 67754ea42e31..4e77d54e2219 100644 --- a/kafka-connect/kafka-connect-runtime/hive/NOTICE +++ b/kafka-connect/kafka-connect-runtime/hive/NOTICE @@ -30,7 +30,7 @@ This binary artifact contains code from the following projects: -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.76.2 Notice: | The Netty Project diff --git a/kafka-connect/kafka-connect-runtime/main/LICENSE b/kafka-connect/kafka-connect-runtime/main/LICENSE index 3520cef03028..1b78a369c2fb 100644 --- a/kafka-connect/kafka-connect-runtime/main/LICENSE +++ b/kafka-connect/kafka-connect-runtime/main/LICENSE 
@@ -722,7 +722,7 @@ License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.76.2 Project URL (from POM): https://github.com/grpc/grpc-java License (from POM): Apache 2.0 - https://opensource.org/licenses/Apache-2.0 diff --git a/kafka-connect/kafka-connect-runtime/main/NOTICE b/kafka-connect/kafka-connect-runtime/main/NOTICE index 4604727e7ed5..257600fa103c 100644 --- a/kafka-connect/kafka-connect-runtime/main/NOTICE +++ b/kafka-connect/kafka-connect-runtime/main/NOTICE @@ -30,7 +30,7 @@ This binary artifact contains code from the following projects: -------------------------------------------------------------------------------- -Group: io.grpc Name: grpc-netty-shaded Version: 1.75.0 +Group: io.grpc Name: grpc-netty-shaded Version: 1.76.2 Notice: | The Netty Project