Posted to commits@kafka.apache.org by ij...@apache.org on 2020/07/02 05:53:40 UTC
[kafka] branch 2.4 updated: MINOR: Update Netty to 4.1.50.Final (#8972)
This is an automated email from the ASF dual-hosted git repository.
ijuma pushed a commit to branch 2.4
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.4 by this push:
new 7c3b0cf MINOR: Update Netty to 4.1.50.Final (#8972)
7c3b0cf is described below
commit 7c3b0cf2936587342ac069cd392e2d930e74778e
Author: Ismael Juma <is...@juma.me.uk>
AuthorDate: Wed Jul 1 22:36:30 2020 -0700
MINOR: Update Netty to 4.1.50.Final (#8972)
This includes important fixes. Netty is required by ZooKeeper if TLS is
enabled.
I verified that the netty jars were changed from 4.1.48 to 4.1.50 with
this PR, `find . -name '*netty*'`:
```text
./core/build/dependant-libs-2.13.3/netty-handler-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-transport-native-epoll-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-codec-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-transport-native-unix-common-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-transport-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-resolver-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-buffer-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-common-4.1.50.Final.jar
```
Note that the previous netty exclude no longer worked since we upgraded
to ZooKeeper 3.5.x as it switched to Netty 4 which has different module names.
Also, the Netty dependency is needed by ZooKeeper for TLS support so we
cannot exclude it.
Reviewers: Manikumar Reddy <ma...@gmail.com>
---
build.gradle | 11 +++++++++--
gradle/dependencies.gradle | 4 ++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 6edbd02..2d2d951 100644
--- a/build.gradle
+++ b/build.gradle
@@ -76,7 +76,15 @@ allprojects {
configurations {
runtime {
resolutionStrategy {
- force "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson"
+ force(
+ // ensures we have a single version of jackson-annotations in the classpath even if
+ // some modules only have a transitive reference to an older version
+ libs.jacksonAnnotations,
+ // be explicit about the Netty dependency version instead of relying on the version
+ // set by ZooKeeper (potentially older and containing CVEs)
+ libs.nettyHandler,
+ libs.nettyTransportNativeEpoll
+ )
}
}
}
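Review bot: The `force(...)` call sits inside `configurations { runtime { resolutionStrategy {`, so the Netty pin only applies to the `runtime` configuration. A resolution strategy is set per configuration, so it is worth confirming that the compile and test classpaths also resolve Netty to `$versions.netty`, or applying the same force in `configurations.all` so that tests run against the version that ships.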
@@ -694,7 +702,6 @@ project(':core') {
compile(libs.zookeeper) {
exclude module: 'slf4j-log4j12'
exclude module: 'log4j'
- exclude module: 'netty'
}
// ZooKeeperMain depends on commons-cli but declares the dependency as `provided`
compile libs.commonsCli
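Review bot: The removed `exclude module: 'netty'` line leaves no trace in the build file of why Netty is now allowed through on `compile(libs.zookeeper)`. The commit message explains that ZooKeeper needs Netty for TLS and that the old module name stopped matching after the move to ZooKeeper 3.5.x; a one-line comment in this block saying the same would stop a later cleanup from adding an exclude with the Netty 4 module names and breaking ZooKeeper TLS.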
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index da35300..062dd54 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -98,6 +98,7 @@ versions += [
mavenArtifact: "3.6.1",
metrics: "2.2.0",
mockito: "3.0.0",
+ netty: "4.1.50.Final",
owaspDepCheckPlugin: "5.2.1",
powermock: "2.0.2",
reflections: "0.9.11",
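Review bot: The new `netty: "4.1.50.Final"` entry is maintained independently of the ZooKeeper version, and it is forced in build.gradle, so a later ZooKeeper upgrade that declares a newer Netty would be held back to this value. Consider a comment next to the entry saying it must be reviewed whenever ZooKeeper is bumped and kept at or above the version ZooKeeper declares.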
@@ -133,6 +134,7 @@ libs += [
bcpkix: "org.bouncycastle:bcpkix-jdk15on:$versions.bcpkix",
commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
easymock: "org.easymock:easymock:$versions.easymock",
+ jacksonAnnotations: "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jackson",
jacksonDataformatCsv: "com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson",
jacksonModuleScala: "com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson",
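Review bot: The `jacksonAnnotations` entry added here, and its use in the `force(...)` call in build.gradle, is a refactor unrelated to Netty that the commit subject and body do not mention. The resolved coordinates are unchanged from the removed string, so behaviour should be the same, but a sentence in the commit message would make that clear to anyone backporting or bisecting.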
@@ -166,6 +168,8 @@ libs += [
lz4: "org.lz4:lz4-java:$versions.lz4",
metrics: "com.yammer.metrics:metrics-core:$versions.metrics",
mockitoCore: "org.mockito:mockito-core:$versions.mockito",
+ nettyHandler: "io.netty:netty-handler:$versions.netty",
+ nettyTransportNativeEpoll: "io.netty:netty-transport-native-epoll:$versions.netty",
powermockJunit4: "org.powermock:powermock-module-junit4:$versions.powermock",
powermockEasymock: "org.powermock:powermock-api-easymock:$versions.powermock",
reflections: "org.reflections:reflections:$versions.reflections",
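Review bot: Only `nettyHandler` and `nettyTransportNativeEpoll` are declared and forced, while the jar listing in the commit message shows eight Netty modules on the classpath (codec, transport, resolver, buffer, common and transport-native-unix-common in addition to these two). The other six reach 4.1.50.Final only as transitive dependencies of the two forced ones, so they are not pinned themselves. Either state that assumption in the comment above the `force(...)` call or declare and force the remaining modules, so that the set cannot drift to mixed versions.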