HBASE-29126 Bump netty4 to 4.1.119.Final

[revathy023]

Uplifting the netty version in order to resolve few high CVE vulnerability(CVE-2025-24970)

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 58s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
-0 ⚠️	test4tests	0m 0s	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ master Compile Tests _
+1 💚	mvninstall	0m 48s	master passed
+1 💚	compile	0m 12s	master passed
+1 💚	javadoc	0m 6s	master passed
		_ Patch Compile Tests _
+1 💚	mvninstall	0m 34s	the patch passed
+1 💚	compile	0m 12s	the patch passed
+1 💚	javac	0m 12s	the patch passed
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
+1 💚	javadoc	0m 6s	the patch passed
		_ Other Tests _
+1 💚	unit	0m 32s	root in the patch passed.
+1 💚	asflicense	0m 6s	The patch does not generate ASF License warnings.
		3m 45s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/1/artifact/yetus-precommit-check/output/Dockerfile
GITHUB PR	#130
Optional Tests	dupname asflicense javac javadoc unit xml compile
uname	Linux 1367190efaa3 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
git revision	master / 8eaa9c0
Default Java	Temurin-1.8.0_442-b06
Test Results	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/1/testReport/
Max. process+thread count	405 (vs. ulimit of 1000)
modules	C: . U: .
Console output	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/1/console
versions	git=2.43.0 maven=3.9.9
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[revathy023]

No New testcases are specifically added for this patch,as it is a version uplift to resolve CVEs

[karthik-j]

Can we update this to use newer release netty-4.1.119.Final?

[NihalJain]

Hi @revathy023 thank you for submitting a fix. Welcome to the project.
There is an existing issue to fix this, please assign HBASE-29126 to yourself or let me know your jira id if this is your first PR in hbase?

[NihalJain]

Can we update this to use newer release netty-4.1.119.Final?

Agreed!

[Apache-HBase]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 33s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
-0 ⚠️	test4tests	0m 0s	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ master Compile Tests _
-1 ❌	mvninstall	0m 18s	root in master failed.
-1 ❌	compile	0m 17s	root in master failed.
-1 ❌	javadoc	0m 18s	root in master failed.
		_ Patch Compile Tests _
-1 ❌	mvninstall	0m 17s	root in the patch failed.
-1 ❌	compile	0m 18s	root in the patch failed.
-1 ❌	javac	0m 18s	root in the patch failed.
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
-1 ❌	javadoc	0m 17s	root in the patch failed.
		_ Other Tests _
-1 ❌	unit	0m 17s	root in the patch failed.
+0 🆗	asflicense	0m 18s	ASF License check generated no output?
		3m 15s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/Dockerfile
GITHUB PR	#130
Optional Tests	dupname asflicense javac javadoc unit xml compile
uname	Linux 55682f241afd 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
git revision	master / 8eaa9c0
Default Java	Temurin-1.8.0_442-b06
mvninstall	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/branch-mvninstall-root.txt
compile	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/branch-compile-root.txt
javadoc	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/branch-javadoc-root.txt
mvninstall	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/patch-mvninstall-root.txt
compile	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/patch-compile-root.txt
javac	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/patch-compile-root.txt
javadoc	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/patch-javadoc-root.txt
unit	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/artifact/yetus-precommit-check/output/patch-unit-root.txt
Test Results	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/testReport/
Max. process+thread count	9 (vs. ulimit of 1000)
modules	C: . U: .
Console output	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/2/console
versions	git=2.43.0 maven=3.9.9
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[revathy023]

hey @NihalJain I did uplift the version to 4.1.119.Final, but looks like the build is not successful as per the previous robot comment, kindly lemme know if there is anything to be done from my end..thanks

[NihalJain]

hey @NihalJain I did uplift the version to 4.1.119.Final, but looks like the build is not successful as per the previous robot comment, kindly lemme know if there is anything to be done from my end..thanks

let me re-trigger

[NihalJain]

hey @NihalJain I did uplift the version to 4.1.119.Final, but looks like the build is not successful as per the previous robot comment, kindly lemme know if there is anything to be done from my end..thanks

let me re-trigger

Retriggered job: https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/3/console

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 59s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
-0 ⚠️	test4tests	0m 0s	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ master Compile Tests _
+1 💚	mvninstall	0m 48s	master passed
+1 💚	compile	0m 11s	master passed
+1 💚	javadoc	0m 7s	master passed
		_ Patch Compile Tests _
+1 💚	mvninstall	0m 34s	the patch passed
+1 💚	compile	0m 12s	the patch passed
+1 💚	javac	0m 12s	the patch passed
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 0s	The patch has no ill-formed XML file.
+1 💚	javadoc	0m 5s	the patch passed
		_ Other Tests _
+1 💚	unit	0m 33s	root in the patch passed.
+1 💚	asflicense	0m 7s	The patch does not generate ASF License warnings.
		3m 48s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/3/artifact/yetus-precommit-check/output/Dockerfile
GITHUB PR	#130
Optional Tests	dupname asflicense javac javadoc unit xml compile
uname	Linux d7faa755e1c6 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
git revision	master / 8eaa9c0
Default Java	Temurin-1.8.0_442-b06
Test Results	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/3/testReport/
Max. process+thread count	383 (vs. ulimit of 1000)
modules	C: . U: .
Console output	https://ci-hbase.apache.org/job/HBase-Thirdparty-PreCommit/job/PR-130/3/console
versions	git=2.43.0 maven=3.9.9
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[revathy023]

Thanks @NihalJain for retriggering the job... Could u guide me further on the next steps to be followed inorder to merge this PR and mark it closed. This is my first PR in the hbase space... Thanks in advance.

[NihalJain]

Thanks @NihalJain for retriggering the job... Could u guide me further on the next steps to be followed inorder to merge this PR and mark it closed. This is my first PR in the hbase space... Thanks in advance.

The PR LGTM, I will merge this in a while and close the ticket. Ideally we would want to have same change in main hbase repo as well but I think it is fine and we can do that once next third party release happens.

This is my first PR in the hbase space...

And thanks again for making your first contribution..

[revathy023]

Thanks @NihalJain for the approval... sure..dat sounds great..kindly go ahead and merge this PR as per the necessity... Thanks again

[karthik-j]

we can do that once next third party release happens.

Hi @NihalJain, how should we request a hbase-thirdparty release? Readme indicates it has to be done via hbase project scripts, do you know how I can request the release there, as I don't have privileges to initiate a release candidate.

[NihalJain]

we can do that once next third party release happens.

Hi @NihalJain, how should we request a hbase-thirdparty release? Readme indicates it has to be done via hbase project scripts, do you know how I can request the release there, as I don't have privileges to initiate a release candidate.

Hi @karthik-j, we had our last release of 2.6 branch in feb end. Refer https://github.com/apache/hbase/releases/tag/rel%2F2.6.2

If you want a new release for an urgent or critical bug fix you may drop a mail to dev@hbase.apache.org and check with team on tentative dates for next release.