Skip to content
代码片段 群组 项目
提交 39769643 编辑于 作者: Ismael Juma's avatar Ismael Juma
浏览文件

MINOR: Update Netty to 4.1.50.Final (#8972)

This includes important fixes. Netty is required by ZooKeeper if TLS is
enabled.

I verified that the netty jars were changed from 4.1.48 to 4.1.50 with
this PR, `find . -name '*netty*'`:

```text
./core/build/dependant-libs-2.13.3/netty-handler-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-transport-native-epoll-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-codec-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-transport-native-unix-common-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-transport-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-resolver-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-buffer-4.1.50.Final.jar
./core/build/dependant-libs-2.13.3/netty-common-4.1.50.Final.jar
```

Note that the previous netty exclude no longer worked since we upgraded
to ZooKeeper 3.5.x as it switched to Netty 4 which has different module names.
Also, the Netty dependency is needed by ZooKeeper for TLS support so we
cannot exclude it.

Reviewers: Manikumar Reddy <manikumar.reddy@gmail.com>
上级 e643c364
No related branches found
No related tags found
无相关合并请求
......@@ -76,7 +76,15 @@ allprojects {
configurations {
runtime {
resolutionStrategy {
force "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson"
force(
// ensures we have a single version of jackson-annotations in the classpath even if
// some modules only have a transitive reference to an older version
libs.jacksonAnnotations,
// be explicit about the Netty dependency version instead of relying on the version
// set by ZooKeeper (potentially older and containing CVEs)
libs.nettyHandler,
libs.nettyTransportNativeEpoll
)
}
}
}
......@@ -720,7 +728,6 @@ project(':core') {
compile(libs.zookeeper) {
exclude module: 'slf4j-log4j12'
exclude module: 'log4j'
exclude module: 'netty'
}
// ZooKeeperMain depends on commons-cli but declares the dependency as `provided`
compile libs.commonsCli
......
......@@ -99,6 +99,7 @@ versions += [
mavenArtifact: "3.6.3",
metrics: "2.2.0",
mockito: "3.2.4",
netty: "4.1.50.Final",
owaspDepCheckPlugin: "5.2.4",
powermock: "2.0.5",
reflections: "0.9.12",
......@@ -133,6 +134,7 @@ libs += [
bcpkix: "org.bouncycastle:bcpkix-jdk15on:$versions.bcpkix",
commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
easymock: "org.easymock:easymock:$versions.easymock",
jacksonAnnotations: "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jackson",
jacksonDataformatCsv: "com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson",
jacksonModuleScala: "com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson",
......@@ -167,6 +169,8 @@ libs += [
lz4: "org.lz4:lz4-java:$versions.lz4",
metrics: "com.yammer.metrics:metrics-core:$versions.metrics",
mockitoCore: "org.mockito:mockito-core:$versions.mockito",
nettyHandler: "io.netty:netty-handler:$versions.netty",
nettyTransportNativeEpoll: "io.netty:netty-transport-native-epoll:$versions.netty",
powermockJunit4: "org.powermock:powermock-module-junit4:$versions.powermock",
powermockEasymock: "org.powermock:powermock-api-easymock:$versions.powermock",
reflections: "org.reflections:reflections:$versions.reflections",
......
0% 加载中 .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册