[kudu-CR] [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final
Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/17828 ) Change subject: [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final .. [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final Change-Id: Ice745a5f1137c5b1a018bac2d6ffc26699af Reviewed-on: http://gerrit.cloudera.org:8080/17828 Tested-by: Kudu Jenkins Reviewed-by: Bankim Bhavsar Reviewed-by: Alexey Serbin --- M java/gradle/dependencies.gradle 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Kudu Jenkins: Verified Bankim Bhavsar: Looks good to me, but someone else must approve Alexey Serbin: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/17828 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Ice745a5f1137c5b1a018bac2d6ffc26699af Gerrit-Change-Number: 17828 Gerrit-PatchSet: 2 Gerrit-Owner: yejiabao <493508...@qq.com> Gerrit-Reviewer: Alexey Serbin Gerrit-Reviewer: Bankim Bhavsar Gerrit-Reviewer: Kudu Jenkins (120)
[kudu-CR] [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17828 ) Change subject: [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final .. Patch Set 1: Code-Review+2 (1 comment) Thank you for the patch! AFAIK Kudu Java client doesn't use HTTP2 from netty by any means (so there isn't any security-related threat w.r.t. CVE-2021-21409), but I guess automated security scanners might be happier with the updated build dependency for the kudu-client package. http://gerrit.cloudera.org:8080/#/c/17828/1//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/17828/1//COMMIT_MSG@7 PS1, Line 7: 4.1.65.Final My initial concern was disabling TLSv1 and TLSv1.1 in netty 4.1.65.Final (see https://netty.io/news/2021/05/19/4-1-65-Final.html). We don't want to cut off older servers running on CentOS6, and by default Kudu RPC allows to use TLSv1 (see https://gerrit.cloudera.org/#/c/17268/ for the context). But after looking at the code I realized that the Kudu Java client doesn't use the netty's TLS/SSL handler, doing all the TLS handshake by itself for Kudu RPC, so no compatibility issues are expected with this upgrade. -- To view, visit http://gerrit.cloudera.org:8080/17828 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ice745a5f1137c5b1a018bac2d6ffc26699af Gerrit-Change-Number: 17828 Gerrit-PatchSet: 1 Gerrit-Owner: yejiabao <493508...@qq.com> Gerrit-Reviewer: Alexey Serbin Gerrit-Reviewer: Bankim Bhavsar Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Tue, 07 Sep 2021 17:21:08 + Gerrit-HasComments: Yes
[kudu-CR] [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final
Bankim Bhavsar has posted comments on this change. ( http://gerrit.cloudera.org:8080/17828 ) Change subject: [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final .. Patch Set 1: Code-Review+1 -- To view, visit http://gerrit.cloudera.org:8080/17828 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ice745a5f1137c5b1a018bac2d6ffc26699af Gerrit-Change-Number: 17828 Gerrit-PatchSet: 1 Gerrit-Owner: yejiabao <493508...@qq.com> Gerrit-Reviewer: Alexey Serbin Gerrit-Reviewer: Bankim Bhavsar Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Tue, 07 Sep 2021 16:42:36 + Gerrit-HasComments: No
[kudu-CR] [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final
yejiabao has uploaded this change for review. ( http://gerrit.cloudera.org:8080/17828 Change subject: [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final .. [Java] KUDU-3313 Upgrade netty version from 4.1.60.Final to 4.1.65.Final Change-Id: Ice745a5f1137c5b1a018bac2d6ffc26699af --- M java/gradle/dependencies.gradle 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/28/17828/1 -- To view, visit http://gerrit.cloudera.org:8080/17828 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ice745a5f1137c5b1a018bac2d6ffc26699af Gerrit-Change-Number: 17828 Gerrit-PatchSet: 1 Gerrit-Owner: yejiabao
