This is an automated email from the ASF dual-hosted git repository.

andreac pushed a commit to branch 3.7-dev
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git


The following commit(s) were added to refs/heads/3.7-dev by this push:
     new bc685f60c0 Upgrade netty to 4.1.125.Final (GHSA-3p8m-j85q-pgmj) (#3197)
bc685f60c0 is described below

commit bc685f60c034a30c2ab1f8e5e03c70da492c7c4a
Author: Simon Olsen <[email protected]>
AuthorDate: Fri Sep 26 20:49:46 2025 +0200

    Upgrade netty to 4.1.125.Final (GHSA-3p8m-j85q-pgmj) (#3197)
    
    Upgrade netty to 4.1.125.Final to fix vulnerability GHSA-3p8m-j85q-pgmj 
with additional fix for flaky connections test.
    
    ---------
    
    Signed-off-by: Simon <[email protected]>
---
 CHANGELOG.asciidoc                                                | 1 +
 .../gremlin/driver/WebSocketClientBehaviorIntegrateTest.java      | 6 +++---
 .../gremlin-javascript/test/integration/client-behavior-tests.js  | 6 +++---
 .../main/python/tests/driver/test_web_socket_client_behavior.py   | 6 +++---
 gremlin-server/pom.xml                                            | 8 ++++++++
 .../tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java   | 2 +-
 pom.xml                                                           | 4 +++-
 7 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 95ad39aef7..671a28664c 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -27,6 +27,7 @@ 
image::https://raw.githubusercontent.com/apache/tinkerpop/master/docs/static/ima
 * Added getter for `parameterItems` and `valueTraversal` on `DifferenceStep`.
 * Added properties to `Element` objects found in a `Path` for GraphSON v2 and 
v3 and GraphBinary.
 * Fixed edge properties for GraphBinary which were not deserializing properly.
+* Bump netty to 4.1.125.Final
 
 [[release-3-7-4]]
 === TinkerPop 3.7.4 (Release Date: August 1, 2025)
diff --git 
a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
 
b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
index 5cd461a91f..41f4ec5c19 100644
--- 
a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
+++ 
b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/WebSocketClientBehaviorIntegrateTest.java
@@ -158,7 +158,7 @@ public class WebSocketClientBehaviorIntegrateTest {
         // trigger the testing server to return captured 
sec-websocket-extensions header
         String returnedWsExtensions = client.submit("1", RequestOptions.build()
                 
.overrideRequestId(settings.SEC_WEBSOCKET_EXTENSIONS).create()).one().getString();
-        assertTrue(returnedWsExtensions.contains("permessage-deflate;"));
+        assertTrue(returnedWsExtensions.contains("permessage-deflate"));
     }
 
     /**
@@ -177,7 +177,7 @@ public class WebSocketClientBehaviorIntegrateTest {
         // trigger the testing server to return captured 
sec-websocket-extensions header
         String returnedWsExtensions = client.submit("1", RequestOptions.build()
                 
.overrideRequestId(settings.SEC_WEBSOCKET_EXTENSIONS).create()).one().getString();
-        assertTrue(returnedWsExtensions.contains("permessage-deflate;"));
+        assertTrue(returnedWsExtensions.contains("permessage-deflate"));
     }
 
     /**
@@ -196,7 +196,7 @@ public class WebSocketClientBehaviorIntegrateTest {
         // trigger the testing server to return captured 
sec-websocket-extensions header
         String returnedWsExtensions = client.submit("1", RequestOptions.build()
                 
.overrideRequestId(settings.SEC_WEBSOCKET_EXTENSIONS).create()).one().getString();
-        assertFalse(returnedWsExtensions.contains("permessage-deflate;"));
+        assertFalse(returnedWsExtensions.contains("permessage-deflate"));
     }
 
     /**
diff --git 
a/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
 
b/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
index b98ae3e86f..d43963813e 100644
--- 
a/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
+++ 
b/gremlin-javascript/src/main/javascript/gremlin-javascript/test/integration/client-behavior-tests.js
@@ -66,7 +66,7 @@ describe('Client', function () {
         it('should not request permessage deflate compression by default', 
async function () {
             const result = await client.submit('1', null, {requestId: 
settings.SEC_WEBSOCKET_EXTENSIONS});
             const returnedExtensions = result.first()
-            assert.ok(returnedExtensions == undefined || 
!returnedExtensions.includes("permessage-deflate;"))
+            assert.ok(returnedExtensions == undefined || 
!returnedExtensions.includes("permessage-deflate"))
         });
         it('should not request permessage deflate compression when disabled', 
async function () {
             const noCompressionClient = 
helper.getGremlinSocketServerClientWithOptions('gmodern',
@@ -75,7 +75,7 @@ describe('Client', function () {
                 {requestId: settings.SEC_WEBSOCKET_EXTENSIONS});
 
             const returnedExtensions = result.first()
-            assert.ok(returnedExtensions == undefined || 
!returnedExtensions.includes("permessage-deflate;"))
+            assert.ok(returnedExtensions == undefined || 
!returnedExtensions.includes("permessage-deflate"))
 
             await noCompressionClient.close();
         });
@@ -86,7 +86,7 @@ describe('Client', function () {
                 {requestId: settings.SEC_WEBSOCKET_EXTENSIONS});
 
             const returnedExtensions = result.first()
-            assert.ok(returnedExtensions.includes("permessage-deflate;"))
+            assert.ok(returnedExtensions.includes("permessage-deflate"))
 
             await compressionClient.close();
         });
diff --git 
a/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
 
b/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
index 8c5ff31a27..c231792ee3 100644
--- 
a/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
+++ 
b/gremlin-python/src/main/python/tests/driver/test_web_socket_client_behavior.py
@@ -80,7 +80,7 @@ def 
test_should_not_request_compression_by_default(socket_server_client, socket_
     response = socket_server_client.submit(
         "1", request_options={'requestId': 
socket_server_settings["SEC_WEBSOCKET_EXTENSIONS"]}).one()[0]
 
-    assert 'permessage-deflate;' not in response
+    assert 'permessage-deflate' not in response
 
 
 # Tests that client does not request permessage deflate compression when 
disabled
@@ -89,7 +89,7 @@ def 
test_should_not_request_compression_when_disabled(socket_server_client, sock
     response = socket_server_client.submit(
         "1", request_options={'requestId': 
socket_server_settings["SEC_WEBSOCKET_EXTENSIONS"]}).one()[0]
 
-    assert 'permessage-deflate;' not in response
+    assert 'permessage-deflate' not in response
 
 
 # Tests that client requests permessage deflate compression when enabled
@@ -98,7 +98,7 @@ def 
test_should_request_compression_when_enabled(socket_server_client, socket_se
     response = socket_server_client.submit(
         "1", request_options={'requestId': 
socket_server_settings["SEC_WEBSOCKET_EXTENSIONS"]}).one()[0]
 
-    assert 'permessage-deflate;' in response
+    assert 'permessage-deflate' in response
 
 
 # Tests that client is correctly sending all overridable per request settings 
(requestId, batchSize,
diff --git a/gremlin-server/pom.xml b/gremlin-server/pom.xml
index 3e36c21102..3f73d30219 100644
--- a/gremlin-server/pom.xml
+++ b/gremlin-server/pom.xml
@@ -119,6 +119,14 @@ limitations under the License.
             <artifactId>logcaptor</artifactId>
             <scope>test</scope>
         </dependency>
+        <!-- Optional depenency needed for Netty's SelfSignedCertificate 
generation on JDKs which doesn't provide sun.security.x509 package -->
+        <!-- 
https://github.com/netty/netty/blob/netty-4.1.125.Final/pom.xml#L963 -->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>${bouncycastle.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <directory>${basedir}/target</directory>
diff --git 
a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
 
b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
index 6f5c0ce606..bc65b03e0c 100644
--- 
a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
+++ 
b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/driver/ClientConnectionIntegrateTest.java
@@ -193,7 +193,7 @@ public class ClientConnectionIntegrateTest extends 
AbstractGremlinServerIntegrat
         final int usagePerConnection = 3;
         final Cluster cluster = TestClientFactory.build()
                 .minConnectionPoolSize(1)
-                .maxConnectionPoolSize(operations)
+                .maxConnectionPoolSize(operations / usagePerConnection)
                 .minSimultaneousUsagePerConnection(1)
                 .maxSimultaneousUsagePerConnection(usagePerConnection)
                 .create();
diff --git a/pom.xml b/pom.xml
index c724905ee0..e86c97f46d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,10 +174,12 @@ limitations under the License.
         <logback.version>1.2.13</logback.version>
         <metrics.version>3.0.2</metrics.version>
         <mockito.version>3.10.0</mockito.version>
-        <netty.version>4.1.101.Final</netty.version>
+        <netty.version>4.1.125.Final</netty.version>
         <slf4j.version>1.7.25</slf4j.version>
         <snakeyaml.version>2.0</snakeyaml.version>
         <spark.version>3.3.2</spark.version>
+        <!-- Version aligned with Netty's optional bcpkix dependency used for 
SelfSignedCertificate -->
+        <bouncycastle.version>1.69</bouncycastle.version>
         <ayza.version>10.0.0</ayza.version>
 
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

Reply via email to