This is an automated email from the ASF dual-hosted git repository.
andreac pushed a commit to branch 3.7-dev
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git
The following commit(s) were added to refs/heads/3.7-dev by this push:
new bc685f60c0 Upgrade netty to 4.1.125.Final (GHSA-3p8m-j85q-pgmj) (#3197)
bc685f60c0 is described below
commit bc685f60c034a30c2ab1f8e5e03c70da492c7c4a
Author: Simon Olsen <[email protected]>
AuthorDate: Fri Sep 26 20:49:46 2025 +0200
Upgrade netty to 4.1.125.Final (GHSA-3p8m-j85q-pgmj) (#3197)
Upgrade netty to 4.1.125.Final to fix vulnerability GHSA-3p8m-j85q-pgmj
with additional fix for flaky connections test.
---------
Signed-off-by: Simon <[email protected]>
---
CHANGELOG.asciidoc | 1 +
.../gremlin/driver/WebSocketClientBehaviorIntegrateTest.java | 6 +++---
.../gremlin-javascript/test/integration/client-behavior-tests.js | 6 +++---
.../main/python/tests/driver/test_web_socket_client_behavior.py | 6 +++---
gremlin-server/pom.xml | 8 ++++++++
.../tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java | 2 +-
pom.xml | 4 +++-
7 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 95ad39aef7..671a28664c 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -27,6 +27,7 @@
image::https://raw.githubusercontent.com/apache/tinkerpop/master/docs/static/ima
* Added getter for `parameterItems` and `valueTraversal` on `DifferenceStep`.
* Added properties to `Element` objects found in a `Path` for GraphSON v2 and
v3 and GraphBinary.
* Fixed edge properties for GraphBinary which were not deserializing properly.
+* Bump netty to 4.1.125.Final
[[release-3-7-4]]
=== TinkerPop 3.7.4 (Release Date: August 1, 2025)
diff --git
a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
index 5cd461a91f..41f4ec5c19 100644
---
a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
+++
b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
@@ -158,7 +158,7 @@ public class WebSocketClientBehaviorIntegrateTest {
// trigger the testing server to return captured
sec-websocket-extensions header
String returnedWsExtensions = client.submit("1", RequestOptions.build()
.overrideRequestId(settings.SEC_WEBSOCKET_EXTENSIONS).create()).one().getString();
- assertTrue(returnedWsExtensions.contains("permessage-deflate;"));
+ assertTrue(returnedWsExtensions.contains("permessage-deflate"));
}
/**
@@ -177,7 +177,7 @@ public class WebSocketClientBehaviorIntegrateTest {
// trigger the testing server to return captured
sec-websocket-extensions header
String returnedWsExtensions = client.submit("1", RequestOptions.build()
.overrideRequestId(settings.SEC_WEBSOCKET_EXTENSIONS).create()).one().getString();
- assertTrue(returnedWsExtensions.contains("permessage-deflate;"));
+ assertTrue(returnedWsExtensions.contains("permessage-deflate"));
}
/**
@@ -196,7 +196,7 @@ public class WebSocketClientBehaviorIntegrateTest {
// trigger the testing server to return captured
sec-websocket-extensions header
String returnedWsExtensions = client.submit("1", RequestOptions.build()
.overrideRequestId(settings.SEC_WEBSOCKET_EXTENSIONS).create()).one().getString();
- assertFalse(returnedWsExtensions.contains("permessage-deflate;"));
+ assertFalse(returnedWsExtensions.contains("permessage-deflate"));
}
/**
diff --git
a/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
b/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
index b98ae3e86f..d43963813e 100644
---
a/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
+++
b/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
@@ -66,7 +66,7 @@ describe('Client', function () {
it('should not request permessage deflate compression by default',
async function () {
const result = await client.submit('1', null, {requestId:
settings.SEC_WEBSOCKET_EXTENSIONS});
const returnedExtensions = result.first()
- assert.ok(returnedExtensions == undefined ||
!returnedExtensions.includes("permessage-deflate;"))
+ assert.ok(returnedExtensions == undefined ||
!returnedExtensions.includes("permessage-deflate"))
});
it('should not request permessage deflate compression when disabled',
async function () {
const noCompressionClient =
helper.getGremlinSocketServerClientWithOptions('gmodern',
@@ -75,7 +75,7 @@ describe('Client', function () {
{requestId: settings.SEC_WEBSOCKET_EXTENSIONS});
const returnedExtensions = result.first()
- assert.ok(returnedExtensions == undefined ||
!returnedExtensions.includes("permessage-deflate;"))
+ assert.ok(returnedExtensions == undefined ||
!returnedExtensions.includes("permessage-deflate"))
await noCompressionClient.close();
});
@@ -86,7 +86,7 @@ describe('Client', function () {
{requestId: settings.SEC_WEBSOCKET_EXTENSIONS});
const returnedExtensions = result.first()
- assert.ok(returnedExtensions.includes("permessage-deflate;"))
+ assert.ok(returnedExtensions.includes("permessage-deflate"))
await compressionClient.close();
});
diff --git
a/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
b/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
index 8c5ff31a27..c231792ee3 100644
---
a/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
+++
b/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
@@ -80,7 +80,7 @@ def
test_should_not_request_compression_by_default(socket_server_client, socket_
response = socket_server_client.submit(
"1", request_options={'requestId':
socket_server_settings["SEC_WEBSOCKET_EXTENSIONS"]}).one()[0]
- assert 'permessage-deflate;' not in response
+ assert 'permessage-deflate' not in response
# Tests that client does not request permessage deflate compression when
disabled
@@ -89,7 +89,7 @@ def
test_should_not_request_compression_when_disabled(socket_server_client, sock
response = socket_server_client.submit(
"1", request_options={'requestId':
socket_server_settings["SEC_WEBSOCKET_EXTENSIONS"]}).one()[0]
- assert 'permessage-deflate;' not in response
+ assert 'permessage-deflate' not in response
# Tests that client requests permessage deflate compression when enabled
@@ -98,7 +98,7 @@ def
test_should_request_compression_when_enabled(socket_server_client, socket_se
response = socket_server_client.submit(
"1", request_options={'requestId':
socket_server_settings["SEC_WEBSOCKET_EXTENSIONS"]}).one()[0]
- assert 'permessage-deflate;' in response
+ assert 'permessage-deflate' in response
# Tests that client is correctly sending all overridable per request settings
(requestId, batchSize,
diff --git a/gremlin-server/pom.xml b/gremlin-server/pom.xml
index 3e36c21102..3f73d30219 100644
--- a/gremlin-server/pom.xml
+++ b/gremlin-server/pom.xml
@@ -119,6 +119,14 @@ limitations under the License.
<artifactId>logcaptor</artifactId>
<scope>test</scope>
</dependency>
+ <!-- Optional depenency needed for Netty's SelfSignedCertificate
generation on JDKs which doesn't provide sun.security.x509 package -->
+ <!--
https://github.com/netty/netty/blob/netty-4.1.125.Final/pom.xml#L963 -->
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>${bouncycastle.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
<directory>${basedir}/target</directory>
diff --git
a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
index 6f5c0ce606..bc65b03e0c 100644
---
a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
+++
b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
@@ -193,7 +193,7 @@ public class ClientConnectionIntegrateTest extends
AbstractGremlinServerIntegrat
final int usagePerConnection = 3;
final Cluster cluster = TestClientFactory.build()
.minConnectionPoolSize(1)
- .maxConnectionPoolSize(operations)
+ .maxConnectionPoolSize(operations / usagePerConnection)
.minSimultaneousUsagePerConnection(1)
.maxSimultaneousUsagePerConnection(usagePerConnection)
.create();
diff --git a/pom.xml b/pom.xml
index c724905ee0..e86c97f46d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,10 +174,12 @@ limitations under the License.
<logback.version>1.2.13</logback.version>
<metrics.version>3.0.2</metrics.version>
<mockito.version>3.10.0</mockito.version>
- <netty.version>4.1.101.Final</netty.version>
+ <netty.version>4.1.125.Final</netty.version>
<slf4j.version>1.7.25</slf4j.version>
<snakeyaml.version>2.0</snakeyaml.version>
<spark.version>3.3.2</spark.version>
+ <!-- Version aligned with Netty's optional bcpkix dependency used for
SelfSignedCertificate -->
+ <bouncycastle.version>1.69</bouncycastle.version>
<ayza.version>10.0.0</ayza.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>