Skip to content

HCD-258: Upgrade Netty to 4.1.130 and BoringSSL to 2.0.74 #2200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
szymon-miezal merged 1 commit into from
Jan 23, 2026
Merged

HCD-258: Upgrade Netty to 4.1.130 and BoringSSL to 2.0.74 #2200

szymon-miezal merged 1 commit into from
Jan 23, 2026

Conversation

@szymon-miezal
Copy link

@szymon-miezal szymon-miezal commented Jan 20, 2026
edited
Loading

The rationale behind this upgrade is to remediate CVE-2025-67735.

Some fallout test results:

image (http://fallout.aws.dsinternal.org/performance/szymon.miezal@datastax.com/report/42b314cf-dcc5-4e5c-9254-706c5594e7ff) image (http://fallout.aws.dsinternal.org/performance/szymon.miezal@datastax.com/report/5b9a5813-f59f-4ba9-af8f-0afd18e9b477) image (http://fallout.aws.dsinternal.org/performance/szymon.miezal@datastax.com/report/dedd9a0c-e84a-4ae4-8083-eb6ba0189f86)

CNDB PR: https://github.com/riptano/cndb/pull/16481

@szymon-miezal
HCD-258: Upgrade Netty to 4.1.130 and BoringSSL to 2.0.74
560613a 
The rationale behind this upgrade is to remediate CVE-2025-67735.
@github-actions
Copy link

github-actions bot commented Jan 20, 2026
edited by szymon-miezal
Loading

Checklist before you submit for review

  • This PR adheres to the Definition of Done
  • Make sure there is a PR in the CNDB project updating the Converged Cassandra version
  • Use NoSpamLogger for log lines that may appear frequently in the logs
  • Verify test results on Butler
  • Test coverage for new/modified code is > 80%
  • Proper code formatting
  • Proper title for each commit staring with the project-issue number, like CNDB-1234
  • Each commit has a meaningful description
  • Each commit is not very long and contains related changes
  • Renames, moves and reformatting are in distinct commits
  • All new files should contain the DataStax copyright header instead of the Apache License one

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 21, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cassci-bot
Copy link

cassci-bot commented Jan 21, 2026

❌ Build ds-cassandra-pr-gate/PR-2200 rejected by Butler

4 regressions found
See build details here

Found 4 new test failures

Test Explanation Runs Upstream
o.a.c.distributed.test.AbortedQueryLoggerTest.testLogsReadMetrics REGRESSION 🔵🔴 0 / 20
o.a.c.index.sai.QueryContextTest.testWideTableScoreOrdered[db] (compression) REGRESSION 🔵🔴 0 / 20
o.a.c.index.sai.cql.VectorCompaction100dTest.testOneToManyCompaction[dc false] REGRESSION 🔴 0 / 20
o.a.c.index.sai.cql.VectorSiftSmallTest.testRerankKZeroOrderMatchesFullPrecisionSimilarity[ca false] REGRESSION 🔴 0 / 20

Found 2 known test failures

jkni
jkni approved these changes Jan 23, 2026
View reviewed changes
Copy link

@jkni jkni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I reviewed the changelogs and didn't see anything obviously concerning. Basic performance testing matches how we evaluated previous Netty upgrades. boringssl version matches the BOM for this netty version.

bereng
bereng approved these changes Jan 23, 2026
View reviewed changes
Copy link
Collaborator

@bereng bereng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI is good and we have the usual perf tests we have done in other Netty upgrades.

@szymon-miezal szymon-miezal merged commit b02e3d3 into main Jan 23, 2026
491 of 506 checks passed
@szymon-miezal szymon-miezal deleted the HCD-258 branch January 23, 2026 10:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scottfines scottfines scottfines approved these changes

@jkni jkni jkni approved these changes

@bereng bereng bereng approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@szymon-miezal @cassci-bot @scottfines @jkni @bereng