Bump netty from 4.1.121.Final to 4.1.124.Final#19103
Bump netty from 4.1.121.Final to 4.1.124.Final#19103cwperks merged 2 commits intoopensearch-project:mainfrom
Conversation
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #19103 +/- ##
============================================
- Coverage 72.86% 72.85% -0.01%
- Complexity 69411 69412 +1
============================================
Files 5647 5647
Lines 319166 319188 +22
Branches 46165 46169 +4
============================================
- Hits 232565 232550 -15
- Misses 67779 67793 +14
- Partials 18822 18845 +23 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
* Bump netty from 4.1.121.Final to 4.1.124.Final Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add CHANGELOG entry Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit b77770c) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Bump netty from 4.1.121.Final to 4.1.124.Final (#19103) * Bump netty from 4.1.121.Final to 4.1.124.Final Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add CHANGELOG entry Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit b77770c) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * Update CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Craig Perkins <cwperx@amazon.com>
|
can this be done also for 2.19.x? scanners are reporting CVE-2025-58056 & CVE-2025-58057 on netty. however, the fix for those are only in 4.1.125.Final anyway, so an additional update is also needed on |
|
Agree with @rursprung - appearing in our scans too for the same vulnerabilities. Would be good to get this bumped to 4.1.125.Final if possible to clear these! Had a brief closer look into this, and slightly different netty libraries are also present in openseach-ml, looks like version 4.1.118.Final coming in through software.amazon.awssdk - netty-nio-client (2.30.18) Additionally in the opensearch-notifications plugin, looks like is coming through opensearch-remote-metadata-sdk-ddb-client -> which also contains software.amazon.awssdk - netty-nio-client (2.30.18) Looks like a bump in the netty versions was included in a recently released software.amazon.awssdk - version 2.33.4 (release notes here) |
|
@rursprung @StewartWBrown , we will backport #19269 to 2.19. |
…arch-project#19107) * Bump netty from 4.1.121.Final to 4.1.124.Final (opensearch-project#19103) * Bump netty from 4.1.121.Final to 4.1.124.Final Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add CHANGELOG entry Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit b77770c) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * Update CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Craig Perkins <cwperx@amazon.com>
Description
Bump netty from 4.1.121.Final to 4.1.124.Final
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.