diff --git a/CHANGES.md b/CHANGES.md
index 9c8f866c35e6..f3ab25ccbe5e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -78,6 +78,7 @@ Release Notes.
 * Add component definition for `Alibaba Fastjson`.
 * Fix entity(service/instance/endpoint) names in the MAL system(prometheus, native meter, open census, envoy metric service) are not controlled by core's naming-control mechanism.
+* Upgrade netty version to 4.1.68.Final avoid cve-2021-37136.
 #### UI
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index a5cccc9783d7..c8e659422771 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -257,8 +257,8 @@ The text of each license is the standard Apache 2.0 license.
 Apache: commons-compress 1.21: https://github.com/apache/commons-compress, Apache 2.0
 Apache: commons-collections4 4.4: https://mvnrepository.com/artifact/org.apache.commons/commons-collections4, Apache 2.0
 Apache: freemarker 2.3.28: https://github.com/apache/freemarker, Apache 2.0
- netty 4.1.65: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache 2.0
- netty: netty-tcnative-boringssl-static 2.0.39: https://github.com/netty/netty-tcnative, Apache 2.0
+ netty 4.1.68: https://github.com/netty/netty/blob/4.1/LICENSE.txt, Apache 2.0
+ netty: netty-tcnative-boringssl-static 2.0.43: https://github.com/netty/netty-tcnative, Apache 2.0
 annotations 13.0: http://www.jetbrains.org, Apache 2.0
 compiler 0.9.6: https://github.com/spullara/mustache.java, Apache 2.0
 error_prone_annotations 2.3.2: https://github.com/google/error-prone, Apache 2.0
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 36a93906aeee..584e4bb60848 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -44,7 +44,7 @@
 1.11
 3.12.0
 1.4
- 2.0.39.Final
+ 2.0.43.Final
 9.4.40.v20210413
 2.6
 13.0.0
@@ -60,7 +60,7 @@
 4.3.0
 2.12.0
 2.18.0
- 4.1.65.Final
+ 4.1.68.Final
 2.12.2
 4.7.1
 2.3.28
diff --git a/pom.xml b/pom.xml
index 220b64feadd1..559e5282ab53 100755
--- a/pom.xml
+++ b/pom.xml
@@ -183,7 +183,7 @@
 0.6.1
 3.12.0
 1.32.1
- 2.0.39.Final
+ 2.0.43.Final
 1.3.2
 3.1
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index 4ee6abc681e4..01bbc2f1a05e 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -103,25 +103,25 @@ mvel2-2.4.8.Final.jar
 nacos-api-1.4.2.jar
 nacos-client-1.4.2.jar
 nacos-common-1.4.2.jar
-netty-buffer-4.1.65.Final.jar
-netty-codec-4.1.65.Final.jar
-netty-codec-dns-4.1.65.Final.jar
-netty-codec-haproxy-4.1.65.Final.jar
-netty-codec-http-4.1.65.Final.jar
-netty-codec-http2-4.1.65.Final.jar
-netty-codec-socks-4.1.65.Final.jar
-netty-common-4.1.65.Final.jar
-netty-handler-4.1.65.Final.jar
-netty-handler-proxy-4.1.65.Final.jar
-netty-resolver-4.1.65.Final.jar
-netty-resolver-dns-4.1.65.Final.jar
-netty-resolver-dns-native-macos-4.1.65.Final-osx-x86_64.jar
-netty-tcnative-boringssl-static-2.0.39.Final.jar
-netty-transport-4.1.65.Final.jar
-netty-transport-native-epoll-4.1.65.Final.jar
-netty-transport-native-epoll-4.1.65.Final-linux-x86_64.jar
-netty-transport-native-unix-common-4.1.65.Final.jar
-netty-transport-native-unix-common-4.1.65.Final-linux-x86_64.jar
+netty-buffer-4.1.68.Final.jar
+netty-codec-4.1.68.Final.jar
+netty-codec-dns-4.1.68.Final.jar
+netty-codec-haproxy-4.1.68.Final.jar
+netty-codec-http-4.1.68.Final.jar
+netty-codec-http2-4.1.68.Final.jar
+netty-codec-socks-4.1.68.Final.jar
+netty-common-4.1.68.Final.jar
+netty-handler-4.1.68.Final.jar
+netty-handler-proxy-4.1.68.Final.jar
+netty-resolver-4.1.68.Final.jar
+netty-resolver-dns-4.1.68.Final.jar
+netty-resolver-dns-native-macos-4.1.68.Final-osx-x86_64.jar
+netty-tcnative-boringssl-static-2.0.43.Final.jar
+netty-transport-4.1.68.Final.jar
+netty-transport-native-epoll-4.1.68.Final.jar
+netty-transport-native-epoll-4.1.68.Final-linux-x86_64.jar
+netty-transport-native-unix-common-4.1.68.Final.jar
+netty-transport-native-unix-common-4.1.68.Final-linux-x86_64.jar
 okhttp-3.14.9.jar
 okio-1.17.2.jar
 perfmark-api-0.19.0.jar