GH-5050: add netty dependency management to fix CVEs (#5051)

Signed-off-by: Bart Hanssens <bart.hanssens@bosa.fgov.be>

Author: barthanssens

pom.xml

@@ -377,6 +377,7 @@
 		<servlet.version>3.1.0</servlet.version>
 		<junit.version>5.9.3</junit.version>
 		<jetty.version>9.4.54.v20240208</jetty.version>
+		<netty.version>4.1.111.Final</netty.version>
 	</properties>
 	<dependencyManagement>
 		<dependencies>
@@ -396,6 +397,13 @@
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
+			<dependency>
+				<groupId>io.netty</groupId>
+				<artifactId>netty-bom</artifactId>
+				<version>${netty.version}</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
 			<!-- Annotations is designed to be fixed at the 2.x.0 minor version level, but in practice is still being released for
 				2.8.x patch versions. See https://github.com/FasterXML/jackson-bom/issues/4 -->
 			<dependency>