[jira] [Created] (KNOX-3206) Add netty to Knox as dependency

Sandor Molnar (Jira) Sat, 18 Oct 2025 10:38:08 -0700

Sandor Molnar created KNOX-3206:
-----------------------------------

             Summary: Add netty to Knox as dependency
                 Key: KNOX-3206
                 URL: https://issues.apache.org/jira/browse/KNOX-3206
             Project: Apache Knox
          Issue Type: Task
          Components: Server
    Affects Versions: 2.1.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 3.0.0



With a recent change - KNOX-3182 -, all io.netty dependencies have been 
excluded from the final Knox deliverable. As a result, when Ranger 
authorization is enabled in a topology, there are issue when auditing to SOLR 
(using the Knox Ranger plugin) is failing with the following error message:
{code:java}
2025-09-04 14:08:07,167  ERROR provider.BaseAuditHandler 
(BaseAuditHandler.java:logError(359)) - Error sending message to Solr
java.lang.NoClassDefFoundError: io/netty/channel/ChannelHandler
        at java.lang.Class.forName0(Native Method) ~[?:1.8.0_232]
        at java.lang.Class.forName(Class.java:264) ~[?:1.8.0_232]
        at 
org.apache.zookeeper.ZooKeeper.getClientCnxnSocket(ZooKeeper.java:3094) 
~[zookeeper.jar:3.8.1.7.3.2.0-516]
        at org.apache.zookeeper.ZooKeeper.<init>(ZooKeeper.java:674) 
~[zookeeper.jar:3.8.1.7.3.2.0-516]
        at org.apache.zookeeper.ZooKeeper.<init>(ZooKeeper.java:828) 
~[zookeeper.jar:3.8.1.7.3.2.0-516]
        at org.apache.zookeeper.ZooKeeper.<init>(ZooKeeper.java:511) 
~[zookeeper.jar:3.8.1.7.3.2.0-516]
        at 
org.apache.solr.common.cloud.SolrZooKeeper.<init>(SolrZooKeeper.java:50) 
~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.common.cloud.ZkClientConnectionStrategy.createSolrZooKeeper(ZkClientConnectionStrategy.java:110)
 ~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.common.cloud.DefaultConnectionStrategy.connect(DefaultConnectionStrategy.java:38)
 ~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.common.cloud.SolrZkClient.<init>(SolrZkClient.java:172) 
~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.common.cloud.ZkStateReader.<init>(ZkStateReader.java:360) 
~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.client.solrj.impl.ZkClientClusterStateProvider.getZkStateReader(ZkClientClusterStateProvider.java:196)
 ~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.client.solrj.impl.ZkClientClusterStateProvider.connect(ZkClientClusterStateProvider.java:181)
 ~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.client.solrj.impl.BaseCloudSolrClient.connect(BaseCloudSolrClient.java:349)
 ~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.client.solrj.impl.BaseCloudSolrClient.requestWithRetryOnStaleState(BaseCloudSolrClient.java:876)
 ~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.client.solrj.impl.BaseCloudSolrClient.request(BaseCloudSolrClient.java:866)
 ~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:214) 
~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:106) 
~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:71) 
~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:85) 
~[solr-solrj.jar:8.11.2.7.3.2.0-516 7d0451842ce782b3c5a91c7770f00af2fa090b78 - 
jenkins - 2025-09-03 08:34:28]
        at 
org.apache.ranger.audit.destination.SolrAuditDestination.lambda$addDocsToSolr$0(SolrAuditDestination.java:515)
 ~[ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at java.security.AccessController.doPrivileged(Native Method) 
~[?:1.8.0_232]
       at 
org.apache.ranger.audit.destination.SolrAuditDestination.lambda$addDocsToSolr$0(SolrAuditDestination.java:515)
 ~[ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at java.security.AccessController.doPrivileged(Native Method) 
~[?:1.8.0_232]
        at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_232]
        at 
org.apache.ranger.audit.utils.AbstractKerberosUser.doAs(AbstractKerberosUser.java:147)
 ~[ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at 
org.apache.ranger.audit.utils.KerberosAction.execute(KerberosAction.java:71) 
~[ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at 
org.apache.ranger.audit.destination.SolrAuditDestination.addDocsToSolr(SolrAuditDestination.java:521)
 ~[ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at 
org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:167)
 [ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at 
org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:324)
 [ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at 
org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:233) 
[ranger-plugins-audit-2.6.0.7.3.2.0-516.jar:2.6.0.7.3.2.0-516]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_232]
Caused by: java.lang.ClassNotFoundException: io.netty.channel.ChannelHandler
        at java.net.URLClassLoader.findClass(URLClassLoader.java:382) 
~[?:1.8.0_232]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:418) ~[?:1.8.0_232]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:351) ~[?:1.8.0_232]
        ... 30 more {code}
Since Knox already references the {{io.netty}} dependency in its pom.xml 
(current version is {{{}4.1.123.Final{}}}), it's a relatively easy task to add 
the following Netty components in Knox's dep folder:
 * {{netty-common}} → shared utilities (base for all)

 * {{netty-buffer}} → ByteBuf implementation

 * {{netty-transport}} → Channel, EventLoop, and socket APIs

Apart from including these 3 commonly used Netty modules, we should also 
upgrade to {{4.1.127.Final}} to remove all CVEs associated with the currently 
used version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KNOX-3206) Add netty to Knox as dependency

Reply via email to