>From Michael Blow <[email protected]>: Michael Blow has submitted this change. ( https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/21313?usp=email )
Change subject: [NO ISSUE][MISC] Update Netty to 4.1.135.Final for CVEs ...................................................................... [NO ISSUE][MISC] Update Netty to 4.1.135.Final for CVEs Ext-ref: MB-72251 Change-Id: I18976ae573336b564239b1bcbece0fe1164c2f5a Reviewed-on: https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/21313 Reviewed-by: Hussain Towaileb <[email protected]> Tested-by: Jenkins <[email protected]> Reviewed-by: Michael Blow <[email protected]> --- M asterixdb/asterix-app/pom.xml M asterixdb/asterix-external-data/pom.xml M asterixdb/pom.xml M hyracks-fullstack/pom.xml 4 files changed, 76 insertions(+), 117 deletions(-) Approvals: Michael Blow: Looks good to me, but someone else must approve Hussain Towaileb: Looks good to me, approved Jenkins: Verified
diff --git a/asterixdb/asterix-app/pom.xml b/asterixdb/asterix-app/pom.xml
index 0c4b94c..f760373 100644
--- a/asterixdb/asterix-app/pom.xml
+++ b/asterixdb/asterix-app/pom.xml
@@ -920,6 +920,10 @@
 <groupId>com.google.cloud</groupId>
 <artifactId>google-cloud-storage</artifactId>
 </dependency>
+ <dependency>
+ <groupId>io.grpc</groupId>
+ <artifactId>grpc-netty</artifactId>
+ </dependency>
 <!-- Needed for inferring the schema for writing Parquet files -->
 <dependency>
 <groupId>org.kitesdk</groupId>
diff --git a/asterixdb/asterix-external-data/pom.xml b/asterixdb/asterix-external-data/pom.xml
index 184320a..ef84bea 100644
--- a/asterixdb/asterix-external-data/pom.xml
+++ b/asterixdb/asterix-external-data/pom.xml
@@ -484,6 +484,10 @@
 <artifactId>google-cloud-storage</artifactId>
 </dependency>
 <dependency>
+ <groupId>io.grpc</groupId>
+ <artifactId>grpc-netty</artifactId>
+ </dependency>
+ <dependency>
 <groupId>org.msgpack</groupId>
 <artifactId>msgpack-core</artifactId>
 </dependency>
diff --git a/asterixdb/pom.xml b/asterixdb/pom.xml
index a91b3e0..9a422ce 100644
--- a/asterixdb/pom.xml
+++ b/asterixdb/pom.xml
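Review bot: The `grpc-netty` dependency added in the `@@ -920,6 +920,10 @@` hunk of asterixdb/asterix-app/pom.xml has no comment saying why it is there, and the same applies to the `@@ -484,6 +484,10 @@` hunk of asterixdb/asterix-external-data/pom.xml. It presumably stands in for the `grpc-netty-shaded` transport that this commit excludes from `google-cloud-storage` in asterixdb/pom.xml, so a later cleanup that treats it as an unused declaration could leave the GCS client without a gRPC transport at runtime. I would add `<!-- gRPC transport on the managed Netty; replaces grpc-netty-shaded excluded from google-cloud-storage -->` above each entry. If no code in these modules references `io.grpc.netty` classes directly, `<scope>runtime</scope>` would also keep the artifact off the compile classpath.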
@@ -103,6 +103,7 @@
 <hadoop-azuresdk.version>8.6.6</hadoop-azuresdk.version>
 <hadoop-gcs.version>hadoop3-2.2.25</hadoop-gcs.version>
 <io.opencensus.version>0.31.1</io.opencensus.version>
+ <netty.tcnative.version>2.0.78.Final</netty.tcnative.version>
 <implementation.title>Apache AsterixDB - ${project.name}</implementation.title>
 <implementation.url>https://asterixdb.apache.org/</implementation.url>
@@ -1658,6 +1659,12 @@
 <groupId>com.google.cloud</groupId>
 <artifactId>google-cloud-storage</artifactId>
 <version>${gcsjavasdk.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>io.grpc</groupId>
+ <artifactId>grpc-netty-shaded</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <!-- Google Cloud Storage end -->
 <!-- Azure Data Lake start -->
@@ -1820,6 +1827,10 @@
 <groupId>org.checkerframework</groupId>
 <artifactId>checker-compat-qual</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>io.grpc</groupId>
+ <artifactId>grpc-netty-shaded</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 <!-- Hadoop GCS end -->
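Review bot: The `grpc-netty-shaded` exclusions added in the `@@ -1658,6 +1659,12 @@` and `@@ -1820,6 +1827,10 @@` hunks only cut the path through those two dependencies, so any other artifact that depends on `grpc-netty-shaded` can still put it back on the classpath. That jar bundles its own relocated Netty copy, which `netty.version` does not govern, so a reintroduced copy would ship a Netty that this update never touches. A `bannedDependencies` rule for `io.grpc:grpc-netty-shaded` in the maven-enforcer-plugin configuration (or a `mvn dependency:tree` check in CI) would turn that into a build failure instead of a later scanner finding. A short comment next to each exclusion, such as `<!-- shaded Netty is not covered by netty.version; grpc-netty is used instead -->`, would also record the reason.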
@@ -1842,7 +1853,42 @@
 <dependency>
 <groupId>io.netty</groupId>
 <artifactId>netty-tcnative-boringssl-static</artifactId>
- <version>2.0.73.Final</version>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-classes</artifactId>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <classifier>linux-x86_64</classifier>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <classifier>linux-aarch_64</classifier>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <classifier>osx-x86_64</classifier>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <classifier>osx-aarch_64</classifier>
+ <version>${netty.tcnative.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <classifier>windows-x86_64</classifier>
+ <version>${netty.tcnative.version}</version>
 </dependency>
 <dependency>
 <groupId>io.grpc</groupId>
@@ -1852,6 +1898,17 @@
 <scope>import</scope>
 </dependency>
 <dependency>
+ <groupId>io.grpc</groupId>
+ <artifactId>grpc-netty</artifactId>
+ <version>1.79.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>io.grpc</groupId>
+ <artifactId>grpc-netty-shaded</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
 <groupId>io.opencensus</groupId>
 <artifactId>opencensus-contrib-http-util</artifactId>
 <version>${io.opencensus.version}</version>
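Review bot: The `grpc-netty` entry added in the `@@ -1852,6 +1898,17 @@` hunk hard-codes `<version>1.79.0</version>` directly below an `io.grpc` entry with `<scope>import</scope>`, which looks like the gRPC BOM (its artifactId and version lie outside the hunk). If that import already manages `grpc-netty`, the literal can drift from the other `io.grpc` artifacts on the next gRPC bump, and mixed gRPC versions tend to fail at runtime rather than at build time; I would reference the same version property as that import instead of a literal. The `grpc-netty-shaded` exclusion on this entry is probably a no-op, since `grpc-netty` is not expected to depend on the shaded artifact; confirm with `mvn dependency:tree` and drop it if so.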
diff --git a/hyracks-fullstack/pom.xml b/hyracks-fullstack/pom.xml
index 1d0ab85..9b4d03d 100644
--- a/hyracks-fullstack/pom.xml
+++ b/hyracks-fullstack/pom.xml
@@ -75,7 +75,7 @@
 <snappy.version>1.1.10.5</snappy.version>
 <jackson.version>2.19.2</jackson.version>
 <jackson-databind.version>${jackson.version}</jackson-databind.version>
- <netty.version>4.1.130.Final</netty.version>
+ <netty.version>4.1.135.Final</netty.version>
 <implementation.title>Apache Hyracks and Algebricks - ${project.name}</implementation.title>
 <implementation.url>https://asterixdb.apache.org/</implementation.url>
@@ -86,6 +86,15 @@
 <dependencies>
 <dependency>
 <groupId>io.netty</groupId>
+ <artifactId>netty-bom</artifactId>
+ <version>${netty.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <!-- Explicitly include netty dependencies with exclusions to avoid CVEs in native transports and codecs that
+ are not used. -->
+ <dependency>
+ <groupId>io.netty</groupId>
 <artifactId>netty-all</artifactId>
 <version>${netty.version}</version>
 <exclusions>
@@ -157,21 +166,6 @@
 </dependency>
 <dependency>
 <groupId>io.netty</groupId>
- <artifactId>netty-buffer</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-common</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-codec-http</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
 <artifactId>netty-transport</artifactId>
 <version>${netty.version}</version>
 <exclusions>
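Review bot: The comment added in the `@@ -86,6 +86,15 @@` hunk of hyracks-fullstack/pom.xml says the `netty-all` exclusions avoid CVEs in unused native transports and codecs, but an exclusion on `netty-all` only stops those modules arriving through `netty-all`. The later hunks of this file drop the explicit managed entries for modules such as `netty-codec-http2`, `netty-handler-proxy` and `netty-transport-native-unix-common`, while the commit also introduces `grpc-netty`, which normally pulls in the HTTP/2 and proxy-handler modules itself, so some of the "not used" modules may still ship at the `netty-bom` version. I would reword the comment to say what is actually guaranteed, e.g. `<!-- netty-bom pins every Netty module to ${netty.version}; the exclusions below only keep unused native transports/codecs out of netty-all's transitive set -->`. The exclusion list itself lies outside the hunk, so it is worth checking against `mvn dependency:tree` for the packaged modules.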
@@ -195,21 +189,6 @@
 </dependency>
 <dependency>
 <groupId>io.netty</groupId>
- <artifactId>netty-codec</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-codec-dns</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-codec-socks</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
 <artifactId>netty-handler</artifactId>
 <version>${netty.version}</version>
 <exclusions>
@@ -221,16 +200,6 @@
 </dependency>
 <dependency>
 <groupId>io.netty</groupId>
- <artifactId>netty-handler-proxy</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-transport-native-epoll</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
 <artifactId>netty-resolver</artifactId>
 <version>${netty.version}</version>
 <exclusions>
@@ -240,81 +209,6 @@
 </exclusion>
 </exclusions>
 </dependency>
- <!--
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-resolver-dns-native-macos</artifactId>
- <version>${netty.version}</version>
- <scope>provided</scope>
- <exclusions>
- <exclusion>
- <groupId>*</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-resolver-dns-classes-macos</artifactId>
- <version>${netty.version}</version>
- <scope>provided</scope>
- <exclusions>
- <exclusion>
- <groupId>*</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- -->
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-transport-native-epoll</artifactId>
- <classifier>linux-x86_64</classifier>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-transport-native-kqueue</artifactId>
- <classifier>osx-x86_64</classifier>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-transport-native-kqueue</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-resolver-dns</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-resolver-dns-native-macos</artifactId>
- <version>${netty.version}</version>
- <classifier>osx-x86_64</classifier>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-resolver-dns-native-macos</artifactId>
- <version>${netty.version}</version>
- <classifier>osx-aarch_64</classifier>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-resolver-dns-classes-macos</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-codec-http2</artifactId>
- <version>${netty.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-transport-native-unix-common</artifactId>
- <version>${netty.version}</version>
- </dependency>
 <dependency>
 <groupId>junit</groupId>
 <artifactId>junit</artifactId>
-- To view, visit https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/21313?usp=email To unsubscribe, or for help writing mail filters, visit https://asterix-gerrit.ics.uci.edu/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: asterixdb Gerrit-Branch: stabilization-b4f3098763 Gerrit-Change-Id: I18976ae573336b564239b1bcbece0fe1164c2f5a Gerrit-Change-Number: 21313 Gerrit-PatchSet: 6 Gerrit-Owner: Michael Blow <[email protected]> Gerrit-Reviewer: Ali Alsuliman <[email protected]> Gerrit-Reviewer: Hussain Towaileb <[email protected]> Gerrit-Reviewer: Jenkins <[email protected]> Gerrit-Reviewer: Michael Blow <[email protected]>
