This is an automated email from the ASF dual-hosted git repository.
bowenliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new dd04f818b [KYUUBI #4190] Bump Netty from 4.1.84 to 4.1.87
dd04f818b is described below
commit dd04f818bcd3deaf18d88d1c9bb68e1d29039a9e
Author: liangbowen <[email protected]>
AuthorDate: Fri Jan 20 13:16:21 2023 +0800
[KYUUBI #4190] Bump Netty from 4.1.84 to 4.1.87
### _Why are the changes needed?_
- Bump Netty from `4.1.84.Final` to `4.1.87.Final` (release note:
https://netty.io/news/2023/01/12/4-1-87-Final.html)
- with 2 CVE ( including 1 in high risk level) fixed in 4.1.86.Final for
4.1.85 and before, `CVE-2022-41915` and `CVE-2022-41881`
(https://netty.io/news/2022/12/12/4-1-86-Final.html)
- exclude `netty-handler-ssl-ocsp` which is released with `netty-all` since
`4.1.86.Final`, as no SSL ocsp related feature used in kyuubi server
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including
negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run
test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests)
locally before make a pull request
Closes #4190 from bowenliang123/netty-4.1.87.
Closes #4190
97198aa9 [liangbowen] exclude netty-handler-ssl-ocsp from netty-all
44c3fab2 [liangbowen] update dependencyList
26a9ca7f [liangbowen] bump netty from 4.1.84 to 4.1.87
Authored-by: liangbowen <[email protected]>
Signed-off-by: liangbowen <[email protected]>
---
dev/dependencyList | 34 +++++++++++++++++-----------------
pom.xml | 6 +++++-
2 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/dev/dependencyList b/dev/dependencyList
index 449f7da23..6d7387b55 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -132,23 +132,23 @@ metrics-core/4.2.8//metrics-core-4.2.8.jar
metrics-jmx/4.2.8//metrics-jmx-4.2.8.jar
metrics-json/4.2.8//metrics-json-4.2.8.jar
metrics-jvm/4.2.8//metrics-jvm-4.2.8.jar
-netty-all/4.1.84.Final//netty-all-4.1.84.Final.jar
-netty-buffer/4.1.84.Final//netty-buffer-4.1.84.Final.jar
-netty-codec-dns/4.1.84.Final//netty-codec-dns-4.1.84.Final.jar
-netty-codec-http/4.1.84.Final//netty-codec-http-4.1.84.Final.jar
-netty-codec-http2/4.1.84.Final//netty-codec-http2-4.1.84.Final.jar
-netty-codec-socks/4.1.84.Final//netty-codec-socks-4.1.84.Final.jar
-netty-codec/4.1.84.Final//netty-codec-4.1.84.Final.jar
-netty-common/4.1.84.Final//netty-common-4.1.84.Final.jar
-netty-handler-proxy/4.1.84.Final//netty-handler-proxy-4.1.84.Final.jar
-netty-handler/4.1.84.Final//netty-handler-4.1.84.Final.jar
-netty-resolver-dns/4.1.84.Final//netty-resolver-dns-4.1.84.Final.jar
-netty-resolver/4.1.84.Final//netty-resolver-4.1.84.Final.jar
-netty-transport-classes-epoll/4.1.84.Final//netty-transport-classes-epoll-4.1.84.Final.jar
-netty-transport-native-epoll/4.1.84.Final/linux-aarch_64/netty-transport-native-epoll-4.1.84.Final-linux-aarch_64.jar
-netty-transport-native-epoll/4.1.84.Final/linux-x86_64/netty-transport-native-epoll-4.1.84.Final-linux-x86_64.jar
-netty-transport-native-unix-common/4.1.84.Final//netty-transport-native-unix-common-4.1.84.Final.jar
-netty-transport/4.1.84.Final//netty-transport-4.1.84.Final.jar
+netty-all/4.1.87.Final//netty-all-4.1.87.Final.jar
+netty-buffer/4.1.87.Final//netty-buffer-4.1.87.Final.jar
+netty-codec-dns/4.1.87.Final//netty-codec-dns-4.1.87.Final.jar
+netty-codec-http/4.1.87.Final//netty-codec-http-4.1.87.Final.jar
+netty-codec-http2/4.1.87.Final//netty-codec-http2-4.1.87.Final.jar
+netty-codec-socks/4.1.87.Final//netty-codec-socks-4.1.87.Final.jar
+netty-codec/4.1.87.Final//netty-codec-4.1.87.Final.jar
+netty-common/4.1.87.Final//netty-common-4.1.87.Final.jar
+netty-handler-proxy/4.1.87.Final//netty-handler-proxy-4.1.87.Final.jar
+netty-handler/4.1.87.Final//netty-handler-4.1.87.Final.jar
+netty-resolver-dns/4.1.87.Final//netty-resolver-dns-4.1.87.Final.jar
+netty-resolver/4.1.87.Final//netty-resolver-4.1.87.Final.jar
+netty-transport-classes-epoll/4.1.87.Final//netty-transport-classes-epoll-4.1.87.Final.jar
+netty-transport-native-epoll/4.1.87.Final/linux-aarch_64/netty-transport-native-epoll-4.1.87.Final-linux-aarch_64.jar
+netty-transport-native-epoll/4.1.87.Final/linux-x86_64/netty-transport-native-epoll-4.1.87.Final-linux-x86_64.jar
+netty-transport-native-unix-common/4.1.87.Final//netty-transport-native-unix-common-4.1.87.Final.jar
+netty-transport/4.1.87.Final//netty-transport-4.1.87.Final.jar
okhttp-urlconnection/3.14.9//okhttp-urlconnection-3.14.9.jar
okhttp/3.12.12//okhttp-3.12.12.jar
okio/1.15.0//okio-1.15.0.jar
diff --git a/pom.xml b/pom.xml
index 6da070b49..af19af136 100644
--- a/pom.xml
+++ b/pom.xml
@@ -170,7 +170,7 @@
<ldapsdk.version>6.0.5</ldapsdk.version>
<log4j.version>2.19.0</log4j.version>
<mysql.jdbc.version>8.0.31</mysql.jdbc.version>
- <netty.version>4.1.84.Final</netty.version>
+ <netty.version>4.1.87.Final</netty.version>
<parquet.version>1.10.1</parquet.version>
<phoenix.version>6.0.0</phoenix.version>
<prometheus.version>0.16.0</prometheus.version>
@@ -880,6 +880,10 @@
<groupId>io.netty</groupId>
<artifactId>netty-codec-xml</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-handler-ssl-ocsp</artifactId>
+ </exclusion>
<exclusion>
<groupId>io.netty</groupId>
<artifactId>netty-resolver-dns-classes-macos</artifactId>
