Skip to content

[3.15] Bump to Vert.x 4.5.21 and Netty 4.1.127.Final #49869

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 10, 2025
Merged

[3.15] Bump to Vert.x 4.5.21 and Netty 4.1.127.Final #49869

merged 3 commits into from
Sep 10, 2025

Conversation

jponge
Copy link
Member

@jponge jponge commented Sep 4, 2025
edited
Loading

This fixes Netty CVEs: CVE-2025-58057 and CVE-2025-58056

@quarkus-bot quarkus-bot bot changed the title Bump to Vert.x 4.5.21 and Netty 4.1.126.Final [3.15] Bump to Vert.x 4.5.21 and Netty 4.1.126.Final Sep 4, 2025
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Sep 4, 2025

/cc @aloubyansky (3.15), @gastaldi (3.15), @gsmet (3.15), @jmartisk (3.15), @rsvoboda (3.15)

@quarkus-bot quarkus-bot bot added area/dependencies Pull requests that update a dependency file area/netty area/vertx labels Sep 4, 2025
gsmet
gsmet requested changes Sep 4, 2025
View reviewed changes
Copy link
Member

@gsmet gsmet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make sure we have everything sorted out in #49867 first before merging this.

@jponge jponge mentioned this pull request Sep 4, 2025
Merged
@quarkus-bot quarkus-bot

This comment has been minimized.

Sign in to view
@jponge @cescoffier
Ensure the full compressed payload is decoded
845533c 
Also fixes Vertx context being created in tests but never been cleared.

Co-authored-by: Clement Escoffier <[email protected]>
@quarkus-bot quarkus-bot

This comment has been minimized.

Sign in to view
@jponge
Bump to Netty 4.1.127.Final
89fe431 
This fixes Netty/BouncyCastle issues.
@jponge
Copy link
Member Author

jponge commented Sep 8, 2025

@jmartisk updated here as well

@jponge jponge changed the title [3.15] Bump to Vert.x 4.5.21 and Netty 4.1.126.Final [3.15] Bump to Vert.x 4.5.21 and Netty 4.1.127.Final Sep 8, 2025
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Sep 8, 2025
edited by github-actions bot
Loading

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 89fe431.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

Flaky tests - Develocity

⚙️ JVM Tests - JDK 17

📦 extensions/smallrye-reactive-messaging/deployment

io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector - History

  • Expecting actual: ["-4","-5","-6","-7","-8","-9","-10","-11"] to start with: ["-3", "-4", "-5", "-6"] - java.lang.AssertionError
java.lang.AssertionError: 

Expecting actual:
  ["-4","-5","-6","-7","-8","-9","-10","-11"]
to start with:
  ["-3", "-4", "-5", "-6"]

	at io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector(ConnectorChangeTest.java:36)

@jmartisk jmartisk merged commit 7d0026f into quarkusio:3.15 Sep 10, 2025
52 checks passed
@jmartisk jmartisk added this to the 3.15.7 milestone Sep 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gsmet gsmet gsmet requested changes

@jmartisk jmartisk jmartisk approved these changes

Assignees
No one assigned
Labels
area/dependencies Pull requests that update a dependency file area/netty area/vertx triage/flaky-test
Projects
None yet
Milestone
3.15.7
Development

Successfully merging this pull request may close these issues.
3 participants
@jponge @jmartisk @gsmet