Skip to content

[SPARK-53436][BUILD] Upgrade Netty to 4.1.124.Final #52181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[SPARK-53436][BUILD] Upgrade Netty to 4.1.124.Final #52181

wants to merge 1 commit into from
+22 −22

Conversation

bjornjorgensen
Copy link
Contributor

@bjornjorgensen bjornjorgensen commented Aug 29, 2025
edited
Loading

What changes were proposed in this pull request?

Upgrade Netty from 4.1.123 to 4.1.124

Why are the changes needed?

Bug fixs and GHSA-prj3-ccx8-p6x4
Netty 4.1.124.Final released

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Pass CI/CD tests.

Was this patch authored or co-authored using generative AI tooling?

No.

@github-actions github-actions bot added the BUILD label Aug 29, 2025
@bjornjorgensen
Copy link
Contributor Author

@dongjoon-hyun https://www.cve.org/CVERecord?id=CVE-2025-55163 so I hope to get this into 4.0.1

@bjornjorgensen bjornjorgensen changed the title Netty 4.1.124.Final [SPARK-53436] Netty 4.1.124.Final Aug 29, 2025
@bjornjorgensen bjornjorgensen changed the title [SPARK-53436] Netty 4.1.124.Final [SPARK-53436] Upgrade Netty to 4.1.124.Final Aug 29, 2025
@bjornjorgensen bjornjorgensen changed the title [SPARK-53436] Upgrade Netty to 4.1.124.Final [SPARK-53436][BUILD] Upgrade Netty to 4.1.124.Final Aug 29, 2025
dongjoon-hyun
dongjoon-hyun reviewed Aug 29, 2025
View reviewed changes
Copy link
Member

@dongjoon-hyun dongjoon-hyun left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for pinging me, @bjornjorgensen . It looks good for Apache Spark 4.1.0.

However, I don't think this is a blocker for 4.0.1. When it comes to new Netty dependency changes, we need to be very careful and more conservative on validation always because it affects Spark performance significantly.

For example, Apache Spark 4.0.x is still using 4.1.118.Final while Apache Spark 4.1.x

branch-4.0

spark/pom.xml

Line 218 in 3f03a1c

<netty.version>4.1.118.Final</netty.version>

master

spark/pom.xml

Line 219 in 59b34dc

<netty.version>4.1.123.Final</netty.version>

I also didn't backport the following my PRs too intentionally due to the same reasons.

We can land it to master branch first (if CI passes) and may revisit Netty at 4.0.2, @bjornjorgensen .

@bjornjorgensen
Copy link
Contributor Author

OK, thank you.

dongjoon-hyun
dongjoon-hyun approved these changes Aug 30, 2025
View reviewed changes
Copy link
Member

@dongjoon-hyun dongjoon-hyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, LGTM. Thank you, @bjornjorgensen .
Merged to master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dongjoon-hyun dongjoon-hyun dongjoon-hyun approved these changes

Assignees
No one assigned
Labels
BUILD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bjornjorgensen @dongjoon-hyun