Upgrade netty from 4.1.73.Final to 4.1.78.Final by cwperks · Pull Request #3772 · opensearch-project/OpenSearch

cwperks · 2022-07-05T15:35:58Z

Signed-off-by: Craig Perkins cwperx@amazon.com

Description

First PR! 🥇 This upgrades Netty to address a CVE in 4.1.73. This resolves 1831

Issues Resolved

1831

Check List

Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

reta · 2022-07-05T15:38:21Z

I am curios why @dependabot didn't do that ...

github-actions · 2022-07-05T15:39:35Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/139/
CommitID: 50d93389ef153f38bc12eeb04389541f39ca1c76

github-actions · 2022-07-05T16:10:24Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/141/
CommitID: 404703e04c4aece58a342440018c36397f17d2e7

github-actions · 2022-07-05T16:12:20Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/142/
CommitID: a76875a6bf92a0ffe307a7d3d2dea5a1f31b5811

github-actions · 2022-07-05T16:19:57Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/143/
CommitID: fc2982fadc41a3d3d923953381cdde2978aede41

github-actions · 2022-07-05T16:43:25Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/145/
CommitID: 134f4ffc1a1cef8f672364703cb25f2274315026

github-actions · 2022-07-05T17:00:47Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/146/
CommitID: 6cc916960de832e72f28662f0ee7aabd4dddf20d

cwperks · 2022-07-05T17:21:19Z

This message changed from 4.1.74.Final -> 4.1.75.Final.

Details here: netty/netty@3ba2eed#diff-864e434ddf7f115156d8497898df1bb48240c9d488d6652b52c437bf9c91fb96

github-actions · 2022-07-05T17:46:01Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/148/
CommitID: e3db0276f5f914d0e04d78c5f69e2d6aeaaad318

github-actions · 2022-07-05T19:10:33Z

Gradle Check (Jenkins) Run Completed with:

RESULT: FAILURE ❌
URL: https://build.ci.opensearch.org/job/gradle-check/154/
CommitID: 1cbde87bf1790fca62bb37cc74bce8eeb639534c

Signed-off-by: Craig Perkins <cwperx@amazon.com>

github-actions · 2022-07-05T19:46:44Z

Gradle Check (Jenkins) Run Completed with:

RESULT: SUCCESS ✅
URL: https://build.ci.opensearch.org/job/gradle-check/155/
CommitID: 7e248b4

saratvemulapalli · 2022-07-05T20:31:17Z

I am curios why @dependabot didn't do that ...

hm.. may be @VachaShah might know about it.

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb)

VachaShah · 2022-07-05T20:50:08Z

I am curios why @dependabot didn't do that ...

hm.. may be @VachaShah might know about it.

I think Dependabot is not able to scan version.properties file.

reta · 2022-07-05T21:01:47Z

I am curios why @dependabot didn't do that ...

hm.. may be @VachaShah might know about it.

I think Dependabot is not able to scan version.properties file.

Thanks @VachaShah

saratvemulapalli · 2022-07-05T21:58:36Z

@VachaShah @reta I've opened up an issue #3782.
I have no idea if it can be done, feel free to chime if you have ideas to make it happen.

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb) Co-authored-by: Craig Perkins <craig5008@gmail.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb)

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb) Co-authored-by: Craig Perkins <craig5008@gmail.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb)

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb) Co-authored-by: Craig Perkins <craig5008@gmail.com>

cwperks requested review from a team and reta as code owners July 5, 2022 15:35

cwperks mentioned this pull request Jul 5, 2022

Upgrade netty to 4.1.77 opensearch-project/security#1926

Merged

3 tasks

reta approved these changes Jul 5, 2022

View reviewed changes

cwperks force-pushed the update-netty-to-4.1.77 branch from a76875a to fc2982f Compare July 5, 2022 16:11

cwperks commented Jul 5, 2022

View reviewed changes

cwperks mentioned this pull request Jul 5, 2022

Update Netty to 4.1.78.Final #3776

Closed

5 tasks

cwperks changed the title ~~Upgrade netty from 4.1.73.Final to 4.1.77.Final~~ Upgrade netty from 4.1.73.Final to 4.1.78.Final Jul 5, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final

7e248b4

Signed-off-by: Craig Perkins <cwperx@amazon.com>

cwperks force-pushed the update-netty-to-4.1.77 branch from 1cbde87 to 7e248b4 Compare July 5, 2022 19:17

reta added the backport 2.x Backport to 2.x branch label Jul 5, 2022

saratvemulapalli added v3.0.0 Issues and PRs related to version 3.0.0 v2.2.0 >upgrade Label used when upgrading library dependencies (e.g., Lucene) dependencies Pull requests that update a dependency file labels Jul 5, 2022

saratvemulapalli approved these changes Jul 5, 2022

View reviewed changes

saratvemulapalli merged commit 5c531bb into opensearch-project:main Jul 5, 2022

opensearch-trigger-bot Bot pushed a commit that referenced this pull request Jul 5, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772)

3d352fe

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb)

opensearch-trigger-bot Bot mentioned this pull request Jul 5, 2022

[Backport 2.x] Upgrade netty from 4.1.73.Final to 4.1.78.Final #3778

Merged

saratvemulapalli mentioned this pull request Jul 5, 2022

Dependabot does not scan for versions in versions.properties #3782

Closed

saratvemulapalli pushed a commit that referenced this pull request Jul 5, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772) (#3778)

21ee3c5

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb) Co-authored-by: Craig Perkins <craig5008@gmail.com>

mch2 added backport 1.x backport 1.3 Backport to 1.3 branch labels Jul 6, 2022

opensearch-trigger-bot Bot pushed a commit that referenced this pull request Jul 6, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772)

f00b428

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb)

opensearch-trigger-bot Bot mentioned this pull request Jul 6, 2022

[Backport 1.x] Upgrade netty from 4.1.73.Final to 4.1.78.Final #3788

Merged

opensearch-trigger-bot Bot pushed a commit that referenced this pull request Jul 6, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772)

930e19b

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb)

opensearch-trigger-bot Bot mentioned this pull request Jul 6, 2022

[Backport 1.3] Upgrade netty from 4.1.73.Final to 4.1.78.Final #3789

Merged

mch2 pushed a commit that referenced this pull request Jul 7, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772) (#3788)

f59f100

mch2 pushed a commit that referenced this pull request Jul 7, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772) (#3789)

a074cec

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb) Co-authored-by: Craig Perkins <craig5008@gmail.com>

cliu123 mentioned this pull request Jul 11, 2022

Add netty-transport-native-unix-common to modules/transport-netty4/bu… #3848

Merged

1 task

mch2 added the backport 2.1 label Jul 11, 2022

opensearch-trigger-bot Bot pushed a commit that referenced this pull request Jul 11, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772)

340a56d

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb)

opensearch-trigger-bot Bot mentioned this pull request Jul 11, 2022

[Backport 2.1] Upgrade netty from 4.1.73.Final to 4.1.78.Final #3855

Merged

reta pushed a commit that referenced this pull request Jul 12, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final (#3772) (#3855)

4d0fdd4

Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 5c531bb) Co-authored-by: Craig Perkins <craig5008@gmail.com>

dbwiddis mentioned this pull request Jan 17, 2025

Add Craig Perkins as OpenSearch Maintainer #17046

Merged

Conversation

cwperks commented Jul 5, 2022

Description

Issues Resolved

Check List

Uh oh!

reta commented Jul 5, 2022

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

cwperks Jul 5, 2022

Choose a reason for hiding this comment

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

github-actions Bot commented Jul 5, 2022

Gradle Check (Jenkins) Run Completed with:

Uh oh!

saratvemulapalli commented Jul 5, 2022

Uh oh!

VachaShah commented Jul 5, 2022

Uh oh!

reta commented Jul 5, 2022

Uh oh!

saratvemulapalli commented Jul 5, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants