flink icon indicating copy to clipboard operation
flink copied to clipboard
verified publisher icon apache

[FLINK-36510][rpc] bump pekko to 1.1.2, remove netty 3 (backport to release-1.20)

Open gracegrimwood opened this issue 1 year ago • 2 comments

What is the purpose of the change

Updates Pekko dependency to 1.1.2 which in turn upgrades Netty 3 to 4 (addressing FLINK-29065 and removing several CVEs from Flink). Pekko 1.1 also upgrades other dependencies such as slf4j and Jackson. For more details see the Pekko 1.1 release notes. CC @ferenc-csaky :smile:

Brief change log

  • Update Pekko version from 1.0.1 to 1.1.2
  • Replace Pekko Netty 3 dependency with flink-shaded Netty 4 (and test-scoped direct Netty 4 dependency)
  • Update Netty imports in ActorSystemBootstrapTools and PekkoUtils
  • Update NOTICE file

Verifying this change

This change is covered by existing tests in flink-rpc.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): don't know
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

gracegrimwood avatar Oct 20 '24 21:10 gracegrimwood

CI report:

  • 7b6668395240827901e226cd5c5d9e1a03ae0722 Azure: SUCCESS
Bot commands The @flinkbot bot supports the following commands:
  • @flinkbot run azure re-run the last Azure build

flinkbot avatar Oct 20 '24 21:10 flinkbot

1.20 backport of https://github.com/apache/flink/pull/25494, will merge them together.

ferenc-csaky avatar Oct 21 '24 07:10 ferenc-csaky