From dd04f818bcd3deaf18d88d1c9bb68e1d29039a9e Mon Sep 17 00:00:00 2001
From: liangbowen <liangbowen@gf.com.cn>
Date: Fri, 20 Jan 2023 13:16:21 +0800
Subject: [PATCH] [KYUUBI #4190] Bump Netty from 4.1.84 to 4.1.87
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### _Why are the changes needed?_

- Bump Netty from `4.1.84.Final` to `4.1.87.Final` (release note: https://netty.io/news/2023/01/12/4-1-87-Final.html)
- with 2 CVE （ including 1 in high risk level) fixed in 4.1.86.Final for 4.1.85 and before, `CVE-2022-41915` and `CVE-2022-41881`
 (https://netty.io/news/2022/12/12/4-1-86-Final.html)
- exclude `netty-handler-ssl-ocsp` which is released with `netty-all` since `4.1.86.Final`, as no SSL ocsp related feature used in kyuubi server

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #4190 from bowenliang123/netty-4.1.87.

Closes #4190

97198aa9 [liangbowen] exclude netty-handler-ssl-ocsp from netty-all
44c3fab2 [liangbowen] update dependencyList
26a9ca7f [liangbowen] bump netty from 4.1.84 to 4.1.87

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: liangbowen <liangbowen@gf.com.cn>
---
 dev/dependencyList | 34 +++++++++++++++++-----------------
 pom.xml            |  6 +++++-
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/dev/dependencyList b/dev/dependencyList
index 449f7da23..6d7387b55 100644
--- a/dev/dependencyList
+++ b/dev/dependencyList
@@ -132,23 +132,23 @@ metrics-core/4.2.8//metrics-core-4.2.8.jar
 metrics-jmx/4.2.8//metrics-jmx-4.2.8.jar
 metrics-json/4.2.8//metrics-json-4.2.8.jar
 metrics-jvm/4.2.8//metrics-jvm-4.2.8.jar
-netty-all/4.1.84.Final//netty-all-4.1.84.Final.jar
-netty-buffer/4.1.84.Final//netty-buffer-4.1.84.Final.jar
-netty-codec-dns/4.1.84.Final//netty-codec-dns-4.1.84.Final.jar
-netty-codec-http/4.1.84.Final//netty-codec-http-4.1.84.Final.jar
-netty-codec-http2/4.1.84.Final//netty-codec-http2-4.1.84.Final.jar
-netty-codec-socks/4.1.84.Final//netty-codec-socks-4.1.84.Final.jar
-netty-codec/4.1.84.Final//netty-codec-4.1.84.Final.jar
-netty-common/4.1.84.Final//netty-common-4.1.84.Final.jar
-netty-handler-proxy/4.1.84.Final//netty-handler-proxy-4.1.84.Final.jar
-netty-handler/4.1.84.Final//netty-handler-4.1.84.Final.jar
-netty-resolver-dns/4.1.84.Final//netty-resolver-dns-4.1.84.Final.jar
-netty-resolver/4.1.84.Final//netty-resolver-4.1.84.Final.jar
-netty-transport-classes-epoll/4.1.84.Final//netty-transport-classes-epoll-4.1.84.Final.jar
-netty-transport-native-epoll/4.1.84.Final/linux-aarch_64/netty-transport-native-epoll-4.1.84.Final-linux-aarch_64.jar
-netty-transport-native-epoll/4.1.84.Final/linux-x86_64/netty-transport-native-epoll-4.1.84.Final-linux-x86_64.jar
-netty-transport-native-unix-common/4.1.84.Final//netty-transport-native-unix-common-4.1.84.Final.jar
-netty-transport/4.1.84.Final//netty-transport-4.1.84.Final.jar
+netty-all/4.1.87.Final//netty-all-4.1.87.Final.jar
+netty-buffer/4.1.87.Final//netty-buffer-4.1.87.Final.jar
+netty-codec-dns/4.1.87.Final//netty-codec-dns-4.1.87.Final.jar
+netty-codec-http/4.1.87.Final//netty-codec-http-4.1.87.Final.jar
+netty-codec-http2/4.1.87.Final//netty-codec-http2-4.1.87.Final.jar
+netty-codec-socks/4.1.87.Final//netty-codec-socks-4.1.87.Final.jar
+netty-codec/4.1.87.Final//netty-codec-4.1.87.Final.jar
+netty-common/4.1.87.Final//netty-common-4.1.87.Final.jar
+netty-handler-proxy/4.1.87.Final//netty-handler-proxy-4.1.87.Final.jar
+netty-handler/4.1.87.Final//netty-handler-4.1.87.Final.jar
+netty-resolver-dns/4.1.87.Final//netty-resolver-dns-4.1.87.Final.jar
+netty-resolver/4.1.87.Final//netty-resolver-4.1.87.Final.jar
+netty-transport-classes-epoll/4.1.87.Final//netty-transport-classes-epoll-4.1.87.Final.jar
+netty-transport-native-epoll/4.1.87.Final/linux-aarch_64/netty-transport-native-epoll-4.1.87.Final-linux-aarch_64.jar
+netty-transport-native-epoll/4.1.87.Final/linux-x86_64/netty-transport-native-epoll-4.1.87.Final-linux-x86_64.jar
+netty-transport-native-unix-common/4.1.87.Final//netty-transport-native-unix-common-4.1.87.Final.jar
+netty-transport/4.1.87.Final//netty-transport-4.1.87.Final.jar
 okhttp-urlconnection/3.14.9//okhttp-urlconnection-3.14.9.jar
 okhttp/3.12.12//okhttp-3.12.12.jar
 okio/1.15.0//okio-1.15.0.jar
diff --git a/pom.xml b/pom.xml
index 6da070b49..af19af136 100644
--- a/pom.xml
+++ b/pom.xml
@@ -170,7 +170,7 @@
         <ldapsdk.version>6.0.5</ldapsdk.version>
         <log4j.version>2.19.0</log4j.version>
         <mysql.jdbc.version>8.0.31</mysql.jdbc.version>
-        <netty.version>4.1.84.Final</netty.version>
+        <netty.version>4.1.87.Final</netty.version>
         <parquet.version>1.10.1</parquet.version>
         <phoenix.version>6.0.0</phoenix.version>
         <prometheus.version>0.16.0</prometheus.version>
@@ -880,6 +880,10 @@
                         <groupId>io.netty</groupId>
                         <artifactId>netty-codec-xml</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>io.netty</groupId>
+                        <artifactId>netty-handler-ssl-ocsp</artifactId>
+                    </exclusion>
                     <exclusion>
                         <groupId>io.netty</groupId>
                         <artifactId>netty-resolver-dns-classes-macos</artifactId>