IBM Support

IBM SPSS Modeler Updates Netty Components to Address Published CVEs in Versions 18.4, 18.5, 18.6, and 19.0

General Page

IBM SPSS Modeler includes Netty components that are affected by CVE-2024-47535 and CVE-2025-25193. Updated product builds are available for IBM SPSS Modeler Server versions 18.4, 18.5, 18.6, and 19.0 on Linux, pLinux, and zLinux platforms. This technote summarizes the issue, identifies affected versions and platforms, and provides verification details for the updated Netty runtime libraries.

Problem

A security review identified vulnerabilities affecting Netty libraries used by IBM SPSS Modeler. To address the reported CVEs, Netty components have been upgraded to version 4.1.119.Final across supported product releases.

The following CVEs are addressed:

  • CVE-2024-47535
  • CVE-2025-25193

Although the reported vulnerabilities primarily affect the netty-common library, IBM recommends updating the complete Netty component set to maintain compatibility and ensure a consistent runtime environment.

Affected Versions

  • IBM SPSS Modeler Server 18.4
  • IBM SPSS Modeler Server 18.5
  • IBM SPSS Modeler Server 18.6
  • IBM SPSS Modeler Server 19.0

Affected Platforms

  • Linux
  • Linux on Power (pLinux)
  • Linux on IBM Z (zLinux)

Prerequisites

  • IBM SPSS Modeler Server 18.4, 18.5, 18.6, or 19.0 must be installed.
  • Stop all running instances of IBM SPSS Modeler Server before applying the update.

Verification Details

IBM SPSS Modeler Server 19.0 on Linux, pLinux, and zLinux

Installation Paths

  • <installation_path>/spark/jars
  • <installation_path>/spark/external-jars

Update the following Netty JAR files from 4.1.100.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-resolver
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-unix-common

Update Procedure

  1. Stop IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in all installation paths listed above.
  5. Restart IBM SPSS Modeler Server and verify that the updated JAR files are present.

IBM SPSS Modeler Server 18.6 on Linux, pLinux, and zLinux

Installation Path

  • <installation_path>/spark/jars

Update the following Netty JAR files from 4.1.108.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-codec-http
  • netty-codec-http2
  • netty-codec-socks
  • netty-common
  • netty-handler
  • netty-handler-proxy
  • netty-resolver
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-epoll
  • netty-transport-native-kqueue
  • netty-transport-native-unix-common

Update Procedure

  1. Stop IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in the installation path listed above.
  5. Restart IBM SPSS Modeler Server and verify that the updated JAR files are present.

IBM SPSS Modeler Server 18.5 on Linux, pLinux, and zLinux

Installation Path

  • <installation_path>/spark/jars

Update the following Netty JAR files from 4.1.100.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-codec-http
  • netty-codec-http2
  • netty-codec-socks
  • netty-common
  • netty-handler
  • netty-handler-proxy
  • netty-resolver
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-epoll
  • netty-transport-native-kqueue
  • netty-transport-native-unix-common

Update Procedure

  1. Stop IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in the installation path listed above.
  5. Restart IBM SPSS Modeler Server and verify that the updated JAR files are present.

IBM SPSS Modeler Server 18.4 on Linux, pLinux, and zLinux

Installation Path

  • <installation_path>/spark/jars

Update the following Netty JAR files from 4.1.77.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-codec-dns
  • netty-codec-haproxy
  • netty-codec-http
  • netty-codec-http2
  • netty-codec-memcache
  • netty-codec-mqtt
  • netty-codec-redis
  • netty-codec-smtp
  • netty-codec-socks
  • netty-codec-stomp
  • netty-codec-xml
  • netty-common
  • netty-handler
  • netty-handler-proxy
  • netty-resolver
  • netty-resolver-dns
  • netty-resolver-dns-classes-macos
  • netty-resolver-dns-native-macos
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-epoll
  • netty-transport-native-kqueue
  • netty-transport-native-unix-common
  • netty-transport-rxtx
  • netty-transport-sctp
  • netty-transport-udt

Update Procedure

  1. Stop IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in the installation path listed above.
  5. Restart IBM SPSS Modeler Server and verify that the updated JAR files are present.

Notes

  • For IBM SPSS Modeler Server 19.0, update the Netty JAR files in both the spark/jars and spark/external-jars directories.
  • For IBM SPSS Modeler Server 18.4, 18.5, and 18.6, update the Netty JAR files only in the spark/jars directory.
  • Replace only the Netty JAR files listed above. No other product files require modification.

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS3RA7","label":"IBM SPSS Modeler"},"ARM Category":[{"code":"a8m3p0000006xr6AAA","label":"SPSS Modeler"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"18.4.0;18.5.0;18.6.0;19.0.0"}]

Document Information

Modified date:
15 June 2026

UID

ibm17276379

Page Feedback