Skip to content

CNDB-16024: HCD-205: Upgrade Netty to 4.1.128.Final (#2063) #2134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main-5.0
Choose a base branch
from
Open

CNDB-16024: HCD-205: Upgrade Netty to 4.1.128.Final (#2063) #2134

wants to merge 1 commit into from

Conversation

@michaelsembwever
Copy link
Member

@michaelsembwever michaelsembwever commented Nov 20, 2025

https://github.com/riptano/cndb/issues/16024

Port into main-5.0 commit e4d83f5

This patch upgrades Netty to address CVEs:
CVE-2025-55163
CVE-2025-58056
CVE-2025-58057
CVE-2025-59419

A recent security scan of HCD 1.2.3 shows a vulnerable version of Netty.

This patch updates Netty to 4.1.128.Final to address  CVEs: CVE-2025-55163
CVE-2025-58056
CVE-2025-58057
CVE-2025-59419

@emerkle826 @michaelsembwever
CNDB-16024: HCD-205: Upgrade Netty to 4.1.128.Final (#2063)
1be56d4 
This patch upgrades Netty to address CVEs:
CVE-2025-55163
CVE-2025-58056
CVE-2025-58057
CVE-2025-59419

A recent security scan of HCD 1.2.3 shows a vulnerable version of Netty.

This patch updates Netty to 4.1.128.Final to address  CVEs:
CVE-2025-55163
CVE-2025-58056
CVE-2025-58057
CVE-2025-59419
@github-actions
Copy link

github-actions bot commented Nov 20, 2025

Checklist before you submit for review

  • This PR adheres to the Definition of Done
  • Make sure there is a PR in the CNDB project updating the Converged Cassandra version
  • Use NoSpamLogger for log lines that may appear frequently in the logs
  • Verify test results on Butler
  • Test coverage for new/modified code is > 80%
  • Proper code formatting
  • Proper title for each commit staring with the project-issue number, like CNDB-1234
  • Each commit has a meaningful description
  • Each commit is not very long and contains related changes
  • Renames, moves and reformatting are in distinct commits
  • All new files should contain the DataStax copyright header instead of the Apache License one

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 20, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cassci-bot
Copy link

cassci-bot commented Nov 20, 2025

❌ Build ds-cassandra-pr-gate/PR-2134 rejected by Butler

8 regressions found
See build details here

Found 8 new test failures

Test Explanation Runs Upstream
junit.framework.TestSuite.org.apache.cassandra.distributed.test.CASMultiDCTest-_jdk11 NEW 🔴 0 / 18
o.a.c.cql3.validation.operations.AggregationQueriesTest.testAggregationQueryShouldNotTimeoutWhenItExceedesReadTimeout (compression) NEW 🔴 2 / 18
o.a.c.distributed.test.DropUDTWithRestartTest.loadCommitLogAndSSTablesWithDroppedColumnTestCC40 NEW 🔴 17 / 18
o.a.c.distributed.test.DropUDTWithRestartTest.loadCommitLogAndSSTablesWithDroppedColumnTestCC50 NEW 🔴 17 / 18
o.a.c.distributed.test.DropUDTWithRestartTest.loadCommitLogAndSSTablesWithDroppedColumnTestDSE NEW 🔴 17 / 18
o.a.c.distributed.test.GossipTest.nodeDownDuringMove NEW 🔴 0 / 18
o.a.c.distributed.test.NativeProtocolTest.withClientRequests NEW 🔴 0 / 18
o.a.c.index.SecondaryIndexManagerTest.testIndexRebuildWhenAddingSStableViaRemoteReload (compression) NEW 🔴 16 / 18

No known test failures found

djatnieks
djatnieks approved these changes Nov 21, 2025
View reviewed changes
Copy link

@djatnieks djatnieks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran the "new" failures reported by Butler locally and they all passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@djatnieks djatnieks djatnieks approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@michaelsembwever @cassci-bot @djatnieks @emerkle826