Upgrade Netty to 4.1.134.Final for CVE fixes #17751

Merged
HTHou merged 1 commit into master from codex/upgrade-netty-cve, May 25, 2026
HTHou (Contributor) commented May 25, 2026

Description

Upgrade Netty from 4.1.126.Final to 4.1.134.Final by updating the root netty.version property. Also update LICENSE-binary so the bundled binary license inventory matches the Netty artifacts already listed there.

This stays on the Netty 4.1.x line and includes security fixes released after 4.1.126.Final. The CVE list below is filtered to Netty artifacts present in IoTDB dependency trees, not every CVE mentioned in the Netty upstream release notes.

CVEs addressed for IoTDB Netty artifacts

  • CVE-2025-67735 - netty-codec-http, fixed in Netty 4.1.129.Final
  • CVE-2026-33871 - netty-codec-http2, fixed in Netty 4.1.132.Final
  • CVE-2026-33870 - netty-codec-http, fixed in Netty 4.1.132.Final

References:

Impact

All Netty modules managed by the Netty BOM remain aligned on a patched 4.1.x version without changing IoTDB code paths.

Validation

  • mvn -pl iotdb-core/datanode -DskipTests compile
  • mvn -pl distribution -DskipTests dependency:tree -Dincludes=io.netty
  • mvn -pl external-service-impl/mqtt -DskipTests dependency:tree -Dincludes=io.netty
  • git diff --check
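
An added example, not part of the PR or the IoTDB code base: a Python check that reads dependency:tree output (as produced by the -Dincludes=io.netty commands above) and flags any Netty artifact resolved below the fixed-in versions from the CVE list, plus any version misalignment across Netty modules. The sample tree and all function names are constructed for illustration.

```python
import re

# Fixed-in versions per artifact, copied from the CVE list in the PR description.
FIXED_IN = {
    "netty-codec-http": {"CVE-2025-67735": "4.1.129.Final", "CVE-2026-33870": "4.1.132.Final"},
    "netty-codec-http2": {"CVE-2026-33871": "4.1.132.Final"},
}

# Constructed sample output (not captured from the IoTDB build): one stale pin at 4.1.130.
SAMPLE_TREE = """\
[INFO] org.example:demo:jar:1.0.0
[INFO] +- io.netty:netty-codec-http:jar:4.1.130.Final:compile
[INFO] |  \\- io.netty:netty-buffer:jar:4.1.134.Final:compile
[INFO] +- io.netty:netty-codec-http2:jar:4.1.134.Final:compile
[INFO] \\- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.134.Final:runtime
"""

def vkey(version):
    """Turn '4.1.134.Final' into (4, 1, 134) so versions compare numerically."""
    return tuple(int(n) for n in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())

def netty_artifacts(tree_text):
    """Return {artifact: {versions}} for io.netty coordinates in dependency:tree output."""
    found = {}
    for coord in re.findall(r"io\.netty:[^\s:]+(?::[^\s:]+)+", tree_text):
        parts = coord.split(":")  # group:artifact:type[:classifier]:version:scope
        if len(parts) >= 5:
            found.setdefault(parts[1], set()).add(parts[-2])
    return found

def unpatched(tree_text):
    """List (artifact, version, cve) where the resolved version predates the fix."""
    hits = []
    for artifact, versions in netty_artifacts(tree_text).items():
        for cve, fixed in FIXED_IN.get(artifact, {}).items():
            hits += [(artifact, v, cve) for v in versions if vkey(v) < vkey(fixed)]
    return sorted(hits)

def misaligned(tree_text):
    """Return all distinct Netty versions if the tree resolves more than one."""
    versions = set().union(*netty_artifacts(tree_text).values())
    return sorted(versions, key=vkey) if len(versions) > 1 else []

if __name__ == "__main__":
    print("unpatched:", unpatched(SAMPLE_TREE))
    print("misaligned:", misaligned(SAMPLE_TREE))
```

In the constructed sample, netty-codec-http at 4.1.130.Final is past the fix for CVE-2025-67735 but still below the 4.1.132.Final fix for CVE-2026-33870, which is the kind of partial upgrade a single netty.version property is meant to prevent.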

HTHou changed the title from "[codex] Upgrade Netty for CVE fixes" to "Upgrade Netty for CVE fixes" May 25, 2026
HTHou force-pushed the codex/upgrade-netty-cve branch from 62ee96b to 0c52a71 May 25, 2026 02:29
HTHou changed the title from "Upgrade Netty for CVE fixes" to "Upgrade Netty to 4.1.134.Final for CVE fixes" May 25, 2026
codecov Bot commented May 25, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.62%. Comparing base (19ea041) to head (0c52a71).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##             master   #17751   +/-   ##
=========================================
  Coverage     40.62%   40.62%           
- Complexity     2574     2576    +2     
=========================================
  Files          5179     5179           
  Lines        350123   350138   +15     
  Branches      44775    44776    +1     
=========================================
+ Hits         142227   142246   +19     
+ Misses       207896   207892    -4     

HTHou marked this pull request as ready for review May 25, 2026 04:00
HTHou merged commit be9c1bc into master May 25, 2026
51 checks passed