Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HCD-96: Upgrade Netty to 4.1.118.Final #1606

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

HCD-96: Upgrade Netty to 4.1.118.Final #1606

wants to merge 1 commit into from

Conversation

emerkle826
Copy link

This patch updates Netty to address CVE-2025-24970.
It also adds the Netty native epoll dependency
that was missing when Netty was upgraded from
4.1.58 to 4.1.117. Since 4.1.58, the native
libraries are now separated out into new dependencies
and must be explicitly added for them to be bundled into the tarball.

What is the issue

When Netty was upgraded to 4.1.117.Final, the native epoll libraries that used to be shipped in the netty-all.jar were not included. At some point since Netty 4.1.58, the native epoll and native kqueue libraries were split inot their own architecture dependent jarfiles/artifacts and must be included explicitly to pick them up.

What does this PR fix and why was it fixed

This patch adds the missing native epol dependencies. This is similar to what was done in OSS Cassandra when they upgraded to Netty 4.1.96 here:
apache@53d1644

@emerkle826
HCD-96: Upgrade Netty to 4.1.118.Final
5d97037 
This patch updates Netty to address CVE-2025-24970.
It also adds the Netty native epoll dependency
that was missing when Netty was upgraded from
4.1.58 to 4.1.117. Since 4.1.58, the native
libraries are now separated out into new dependencies
and must be explicitly added for them to be bundled
into the tarball.
@github-actions GitHub Actions
Copy link

Checklist before you submit for review

  • Make sure there is a PR in the CNDB project updating the Converged Cassandra version
  • Use NoSpamLogger for log lines that may appear frequently in the logs
  • Verify test results on Butler
  • Test coverage for new/modified code is > 80%
  • Proper code formatting
  • Proper title for each commit staring with the project-issue number, like CNDB-1234
  • Each commit has a meaningful description
  • Each commit is not very long and contains related changes
  • Renames, moves and reformatting are in distinct commits

@szymon-miezal szymon-miezal self-requested a review February 25, 2025 13:52
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cassci-bot
Copy link

❌ Build ds-cassandra-pr-gate/PR-1606 rejected by Butler

1 new test failure(s) in 1 builds
See build details here

Found 1 new test failures

Test Explanation Branch history Upstream history
o.a.c.u.b.BinLogTest.testTruncationReleasesLogS... regression 🔴 🔵🔵🔵🔵🔵🔵🔵

Found 2 known test failures

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@szymon-miezal szymon-miezal Awaiting requested review from szymon-miezal

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@emerkle826 @cassci-bot