TEZ-4538 : Upgrade netty to 4.1.100 due to CVE-2023-44487

[AnmolSun]

No description provided.

[tez-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	25m 48s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+1 💚	@author	0m 1s	The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ master Compile Tests _
+1 💚	mvninstall	17m 28s	master passed
+1 💚	compile	2m 26s	master passed with JDK Ubuntu-11.0.21+9-post-Ubuntu-0ubuntu122.04
+1 💚	compile	2m 14s	master passed with JDK Private Build-1.8.0_392-8u392-ga-1~22.04-b08
+1 💚	javadoc	1m 42s	master passed with JDK Ubuntu-11.0.21+9-post-Ubuntu-0ubuntu122.04
+1 💚	javadoc	1m 8s	master passed with JDK Private Build-1.8.0_392-8u392-ga-1~22.04-b08
		_ Patch Compile Tests _
+1 💚	mvninstall	4m 46s	the patch passed
+1 💚	compile	2m 24s	the patch passed with JDK Ubuntu-11.0.21+9-post-Ubuntu-0ubuntu122.04
+1 💚	javac	2m 24s	the patch passed
+1 💚	compile	2m 10s	the patch passed with JDK Private Build-1.8.0_392-8u392-ga-1~22.04-b08
+1 💚	javac	2m 10s	the patch passed
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
+1 💚	javadoc	1m 12s	the patch passed with JDK Ubuntu-11.0.21+9-post-Ubuntu-0ubuntu122.04
+1 💚	javadoc	1m 7s	the patch passed with JDK Private Build-1.8.0_392-8u392-ga-1~22.04-b08
		_ Other Tests _
+1 💚	unit	72m 13s	root in the patch passed.
+1 💚	asflicense	0m 38s	The patch does not generate ASF License warnings.
		136m 26s

Subsystem	Report/Notes
Docker	ClientAPI=1.44 ServerAPI=1.44 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-333/1/artifact/out/Dockerfile
GITHUB PR	#333
Optional Tests	dupname asflicense javac javadoc unit xml compile
uname	Linux 41b2609f4ebd 5.15.0-88-generic #98-Ubuntu SMP Mon Oct 2 15:18:56 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/tez.sh
git revision	master / 5b4e827
Default Java	Private Build-1.8.0_392-8u392-ga-1~22.04-b08
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.21+9-post-Ubuntu-0ubuntu122.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_392-8u392-ga-1~22.04-b08
Test Results	https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-333/1/testReport/
Max. process+thread count	1493 (vs. ulimit of 5500)
modules	C: . U: .
Console output	https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-333/1/console
versions	git=2.34.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[abstractdog]

thanks @AnmolSun , can you please create a Jira for this one?

[AnmolSun]

Hi @abstractdog ,
Please find the JIIRA - TEZ-4538
Thanks a lot.

[abstractdog]

thanks @AnmolSun! does it make sense to the current latest 106.Final ?

[AnmolSun]

Hi @abstractdog , Hadoop is also currently at 4.1.100.Final (Ref). To avoid any conflicts, I thought it would be better to be in sync with what Hadoop is using currently, since that version also does not have any vulnerabilities. I will also work on raising it with Hive as well to upgrade their netty version to 4.1.100.Final as well.

[abstractdog]

makes sense
+1

[abstractdog]

+1