Coordinated Vert.x 4.5.11 upgrades #44515

Merged
merged 1 commit into from
Nov 17, 2024

jponge
Member

@jponge jponge commented Nov 14, 2024

Upgrades to:

  • Vert.x 4.5.11
  • Vert.x Mutiny bindings 3.1.6.0
  • Netty 4.1.115.Final

Fixes CVE-2024-47535 with Netty 4.1.115.Final

@quarkus-bot quarkus-bot bot added the area/dependencies and area/netty labels Nov 14, 2024
Member

@cescoffier cescoffier left a comment

LGTM!
Should we "undraft" it to run the full CI?

@jponge
Member Author

jponge commented Nov 14, 2024

I just want to have a look at eclipse-vertx/vert.x#5387

@cescoffier
Member

@mkouba could you help @jponge with eclipse-vertx/vert.x#5387? We may also need to check Quarkus HTTP (Jakarta WebSocket)

@jponge
Member Author

jponge commented Nov 14, 2024

That being said the old API is still there but deprecated, so that might be another PR (at least @mkouba is aware that there's a change here)

@jponge jponge marked this pull request as ready for review November 14, 2024 17:32
@jponge jponge requested review from mkouba and geoand November 14, 2024 17:32
@jponge
Member Author

jponge commented Nov 14, 2024

Looks like we have some failures, we'll see with the summary report what's to be investigated

@jponge
Member Author

jponge commented Nov 14, 2024

The issues are SSL-related, see ./mvnw verify -f integration-tests/vertx-http -Pnative:

[ERROR] Tests run: 3, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 2.793 s <<< FAILURE! -- in io.quarkus.it.vertx.Http2TestCaseIT
[ERROR] io.quarkus.it.vertx.Http2TestCaseIT.testHttp2EnabledSsl -- Time elapsed: 0.112 s <<< ERROR!
java.util.concurrent.ExecutionException: io.vertx.core.VertxException: Connection was closed
	at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
	at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
	at io.quarkus.it.vertx.Http2TestCase.runTest(Http2TestCase.java:108)
	at io.quarkus.it.vertx.Http2TestCase.runHttp2EnabledSsl(Http2TestCase.java:72)
	at io.quarkus.it.vertx.Http2TestCase.testHttp2EnabledSsl(Http2TestCase.java:42)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at io.quarkus.test.junit.QuarkusTestExtension.interceptTestMethod(QuarkusTestExtension.java:805)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1597)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1597)
Caused by: io.vertx.core.VertxException: Connection was closed

and:

[ERROR] Tests run: 5, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 2.119 s <<< FAILURE! -- in io.quarkus.it.vertx.VertxProducerResourceIT
[ERROR] io.quarkus.it.vertx.VertxProducerResourceIT.testRouteRegistrationMTLS -- Time elapsed: 0.203 s <<< ERROR!
java.net.SocketException: Connection reset
	at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:318)
	at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:346)
	at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:796)
	at java.base/java.net.Socket$SocketInputStream.implRead(Socket.java:1108)
	at java.base/java.net.Socket$SocketInputStream.read(Socket.java:1095)
	at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:489)
	at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:483)
	at java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:70)
	at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1462)
	at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1068)
	at org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:161)
	at org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:82)
	at org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.jav

(--- snip ----)

@mkouba
Contributor

mkouba commented Nov 15, 2024

> @mkouba could you help @jponge with eclipse-vertx/vert.x#5387? We may also need to check Quarkus HTTP (Jakarta WebSocket)

> That being said the old API is still there but deprecated, so that might be another PR (at least @mkouba is aware that there's a change here)

AFAIK we don't use the old API at all. Basically, the endpoint handler does not attempt to perform the upgrade if an HttpUpgradeCheck does not permit to do so.

@mkouba
Contributor

mkouba commented Nov 15, 2024

FTR the io.quarkus.extest.OverrideBuildTimeConfigTes fails with:

2024-11-15T02:09:25.5750882Z Caused by: java.util.NoSuchElementException: SRCFG00027: Could not find a mapping for io.quarkus.runtime.ConfigConfig
2024-11-15T02:09:25.5751959Z 	at io.smallrye.config.SmallRyeConfig.getConfigMapping(SmallRyeConfig.java:631)
2024-11-15T02:09:25.5752713Z 	at io.smallrye.config.SmallRyeConfig.getConfigMapping(SmallRyeConfig.java:621)
2024-11-15T02:09:25.5753553Z 	at io.quarkus.runtime.configuration.ConfigRecorder.handleConfigChange(ConfigRecorder.java:63)
2024-11-15T02:09:25.5754601Z 	at io.quarkus.deployment.steps.ConfigGenerationBuildStep$checkForBuildTimeConfigChange1532146938.deploy_8(Unknown Source)
2024-11-15T02:09:25.5755747Z 	at io.quarkus.deployment.steps.ConfigGenerationBuildStep$checkForBuildTimeConfigChange1532146938.deploy(Unknown Source)

CC @radcortez @gsmet

@cescoffier
Member

I'm a bit worried about the SSL IT issues. It can come from a change in Netty (we know that that code changed) or the PR from Franz changing the allocator when using SSL (the PR should have been super defensive, but you never know)

@cescoffier
Member

io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector is unlikely related. @ozangunalp is this a flaky test?

@jponge
Member Author

jponge commented Nov 15, 2024

@mkouba I've tried running ./mvnw verify -f integration-tests/test-extension across Java 22 / 21 / 17 locally and could indeed reproduce the failure on 21. In my case I got the following failure:

[INFO] --- surefire:3.5.0:test (default-test) @ quarkus-integration-test-test-extension-tests ---
[INFO] Using auto detected provider org.apache.maven.surefire.junitplatform.JUnitPlatformProvider
[INFO] Using auto detected provider org.apache.maven.surefire.junitplatform.JUnitPlatformProvider
[INFO] Using auto detected provider org.apache.maven.surefire.junitplatform.JUnitPlatformProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[ERROR] projects/project-using-test-template-from-extension-processed/target/test-classes/org/acme/TemplatedNormalTest (wrong name: org/acme/TemplatedNormalTest)

I'm not sure this relates to the changes in this PR, it might be a different issue IMHO.

@jponge
Member Author

jponge commented Nov 15, 2024

Edit: it failed also with 17

@jponge
Member Author

jponge commented Nov 15, 2024

/cc @franz1981

@franz1981
Contributor

> the PR from Franz changing the allocator when using SSL

It was passing the tests on Vertx, which by default was still using the default approach, so...it should be fine(tm).

I can take an additional look if you're blocked, @jponge?

@cescoffier
Member

If we can be sure it comes from that, we would need to revert it and wait for another Vert.x release.

Member

@cescoffier cescoffier left a comment

Some test failures are related.

@ozangunalp
Contributor

> io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector is unlikely related. @ozangunalp is this a flaky test?

Yes it is. I'd need to rewrite those tests when I find some time.

@jponge
Member Author

jponge commented Nov 15, 2024

(let me redo my commits)

@jponge
Member Author

jponge commented Nov 15, 2024

Here's a single commit 🚀

- Bump to Netty 4.1.115.Final and fix SSL-related substitutions due to internal Netty breaking changes
- Bump to Vert.x 4.5.11
- Bump Mutiny Vert.x bindings 3.16.0
- Re-aligned the Vert.x versions across Quarkus modules

Fixes CVE-2024-47535 with Netty 4.1.115.Final
@jponge
Member Author

jponge commented Nov 15, 2024

@cescoffier pending another CI run completes, do you still want to hold on?

@cescoffier
Member

Let's wait for that run to complete.


quarkus-bot bot commented Nov 15, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 9fd8dcb.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.


Flaky tests - Develocity

⚙️ JVM Tests - JDK 17

📦 extensions/smallrye-reactive-messaging/deployment

io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector - History

  • Expecting actual: ["-4","-5","-6","-7","-8","-9","-10","-11"] to start with: ["-3", "-4", "-5", "-6"] - java.lang.AssertionError
java.lang.AssertionError: 

Expecting actual:
  ["-4","-5","-6","-7","-8","-9","-10","-11"]
to start with:
  ["-3", "-4", "-5", "-6"]

	at io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector(ConnectorChangeTest.java:36)

📦 integration-tests/opentelemetry-vertx-exporter

io.quarkus.it.opentelemetry.vertx.exporter.grpc.SimpleGrpcNoTLSNoCompressionTest.test - History

  • Assertion condition defined as a Lambda expression in io.quarkus.it.opentelemetry.vertx.exporter.AbstractExporterTest Expecting Optional to contain a value but it was empty within 30 seconds. - org.awaitility.core.ConditionTimeoutException
org.awaitility.core.ConditionTimeoutException: 
Assertion condition defined as a Lambda expression in io.quarkus.it.opentelemetry.vertx.exporter.AbstractExporterTest 
Expecting Optional to contain a value but it was empty within 30 seconds.
	at org.awaitility.core.ConditionAwaiter.await(ConditionAwaiter.java:167)
	at org.awaitility.core.AssertionCondition.await(AssertionCondition.java:119)
	at org.awaitility.core.AssertionCondition.await(AssertionCondition.java:31)
	at org.awaitility.core.ConditionFactory.until(ConditionFactory.java:1006)
	at org.awaitility.core.ConditionFactory.untilAsserted(ConditionFactory.java:790)

⚙️ JVM Tests - JDK 21

📦 extensions/panache/hibernate-reactive-rest-data-panache/deployment

io.quarkus.hibernate.reactive.rest.data.panache.deployment.repository.PanacheRepositoryResourcePutMethodTest.shouldUpdateComplexObject - History

  • 1 expectation failed. JSON path name doesn't match. Expected: is "updated collection" Actual: empty collection - java.lang.AssertionError
java.lang.AssertionError: 
1 expectation failed.
JSON path name doesn't match.
Expected: is "updated collection"
  Actual: empty collection

	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:502)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:486)

Member

@cescoffier cescoffier left a comment

We are good to go. I would wait a bit before backporting
(even if it will need backport)

@cescoffier cescoffier merged commit e44e07e into quarkusio:main Nov 17, 2024
52 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.18 - main milestone Nov 17, 2024
@miguelborges99

Will this be applied also in the LTS version?

@geoand
Contributor

geoand commented Nov 17, 2024

That's what the backport-3.15 label is for 😉.

But as Clement said, we need some bake time to ensure it doesn't cause any problems

@cescoffier
Member

As I said in my last comment - yes, we want to backport it, but not immediately. There are some changes in Netty that need longer testing.

@franz1981
Contributor

Yep, I will send the PRs (or delegate) next week

@gsmet gsmet modified the milestones: 3.18 - main, 3.16.4 Nov 19, 2024
benkard pushed a commit to benkard/quarkus-googlecloud-jsonlogging that referenced this pull request Nov 27, 2024
…oud-jsonlogging!25)

This MR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [io.quarkus:quarkus-extension-processor](https://github.com/quarkusio/quarkus) |  | minor | `3.16.3` -> `3.17.0` |
| [io.quarkus:quarkus-extension-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.16.3` -> `3.17.0` |
| [io.quarkus:quarkus-bom](https://github.com/quarkusio/quarkus) | import | minor | `3.16.3` -> `3.17.0` |
| [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.16.3` -> `3.17.0` |
| [org.jboss.logmanager:jboss-logmanager](https://jboss.org) ([source](https://github.com/jboss-logging/jboss-logmanager)) | optional | minor | `3.0.6.Final` -> `3.1.0.Final` |

---

### Release Notes

<details>
<summary>quarkusio/quarkus</summary>

### [`v3.17.0`](quarkusio/quarkus@3.16.4...3.17.0)

[Compare Source](quarkusio/quarkus@3.16.4...3.17.0)

### [`v3.16.4`](https://github.com/quarkusio/quarkus/releases/tag/3.16.4)

[Compare Source](quarkusio/quarkus@3.16.3...3.16.4)

##### Complete changelog

-   [#37040](quarkusio/quarkus#37040) - The flyway extension generates Kubernetes resources as if quarkus.flyway.enabled was a runtime property
-   [#42446](quarkusio/quarkus#42446) - Add explanation/concept for extension maturity model
-   [#44367](quarkusio/quarkus#44367) - Gradle 3.16 fails with missing required property `additionalForcedProperties`
-   [#44399](quarkusio/quarkus#44399) - Declaring explicitly the build service in the QuarkusBuildTask
-   [#44433](quarkusio/quarkus#44433) - Reflection free serializers ArrayIndexOutOfBoundsException
-   [#44438](quarkusio/quarkus#44438) - Gradle `buildForkOptions` no longer used since quarkus 3.16.1
-   [#44457](quarkusio/quarkus#44457) - Support for short and uncommon field names like set, get, and is
-   [#44468](quarkusio/quarkus#44468) - Use `QUARKUS_FLYWAY_ACTIVE` instead of `QUARKUS_FLYWAY_ENABLED` env in Kubernetes resources
-   [#44472](quarkusio/quarkus#44472) - Kotlin native Jackson serialization regression: EmptyList & EmptyMap missing
-   [#44480](quarkusio/quarkus#44480) - Fix nullpointer on null code websockets-next
-   [#44493](quarkusio/quarkus#44493) - Using BuildForkOptions in QuarkusBuildTask
-   [#44494](quarkusio/quarkus#44494) - Register Kotlin's empty list and map for reflection
-   [#44505](quarkusio/quarkus#44505) - Log in smallrye-jwt and oauth2 extensions when no bearer access token is available
-   [#44507](quarkusio/quarkus#44507) - Fixed Timestamp not being set for otel log signals
-   [#44509](quarkusio/quarkus#44509) - Updates to Infinispan 15.0.11.Final
-   [#44515](quarkusio/quarkus#44515) - Coordinated Vert.x 4.5.11 upgrades
-   [#44531](quarkusio/quarkus#44531) - Correct image file name to resolve broken image
-   [#44537](quarkusio/quarkus#44537) - Update smallrye-jwt to 4.6.1
-   [#44545](quarkusio/quarkus#44545) - Wrong index of ParameterizedType argument of Map when register type to be generated in JacksonCodeGenerator
-   [#44571](quarkusio/quarkus#44571) - Update `CacheJsonRPCService.java` reference
-   [#44574](quarkusio/quarkus#44574) - Grammar corrections for en-us

</details>

<details>
<summary>jboss-logging/jboss-logmanager</summary>

### [`v3.1.0.Final`](https://github.com/jboss-logging/jboss-logmanager/releases/tag/v3.1.0.Final): 3.1.0.Final

[Compare Source](jboss-logging/jboss-logmanager@3.0.6.Final...v3.1.0.Final)

#### What's Changed

-   \[LOGMGR-345] Ensure logger FQCN is correct for system logger by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#457
-   Migrate tests to keep the log files that were created. Put the log fi… by [@jamezp](https://github.com/jamezp) in jboss-logging/jboss-logmanager#459
-   Bump org.junit:junit-bom from 5.10.1 to 5.10.2 by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#461
-   \[LOGMGR-346] Bump org.jboss.modules:jboss-modules from 2.1.2.Final to 2.1.3.Final by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#462
-   \[LOGMGR-347] Do not use deprecated SmallRye Common OS `Process` by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#464
-   \[LOGMGR-349] Bump org.eclipse.parsson:parsson from 1.1.5 to 1.1.6 by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#466
-   \[LOGMGR-351] Fix periodic file rotation by week, month, year. by [@alex-pumpkin](https://github.com/alex-pumpkin) in jboss-logging/jboss-logmanager#468
-   Bump org.jboss.modules:jboss-modules from 2.1.3.Final to 2.1.5.Final by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#467
-   \[LOGMGR-350] Avoid TCCL when configuring the log manager by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#469
-   \[LOGMGR-351] Remove the deprecated per-deployment logging options. by [@jamezp](https://github.com/jamezp) in jboss-logging/jboss-logmanager#471
-   Bump org.junit:junit-bom from 5.10.2 to 5.10.3 by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#478
-   Bump org.jboss.byteman:byteman-bmunit5 from 4.0.22 to 4.0.23 by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#476
-   Bump org.junit:junit-bom from 5.10.3 to 5.11.2 by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#488
-   Bump org.junit:junit-bom from 5.11.2 to 5.11.3 by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#490
-   \[LOGMGR-354] Avoid expensive JLine setup on JDK 23+ by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#491
-   Save head encoding on sanitized String(s) by [@franz1981](https://github.com/franz1981) in jboss-logging/jboss-logmanager#492
-   Use `NO_FORMAT` when using parameterless log methods by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#493
-   Switch to formal module descriptor by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#494
-   Module descriptor updates by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#496
-   Bump org.jboss.modules:jboss-modules from 2.1.5.Final to 2.1.6.Final by [@dependabot](https://github.com/dependabot) in jboss-logging/jboss-logmanager#495
-   Add smart service provider method by [@dmlloyd](https://github.com/dmlloyd) in jboss-logging/jboss-logmanager#497

#### New Contributors

-   [@alex-pumpkin](https://github.com/alex-pumpkin) made their first contribution in jboss-logging/jboss-logmanager#468
-   [@franz1981](https://github.com/franz1981) made their first contribution in jboss-logging/jboss-logmanager#492

**Full Changelog**: jboss-logging/jboss-logmanager@3.0.4.Final...v3.1.0.Final

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---


This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
@gsmet gsmet modified the milestones: 3.16.4, 3.15.3 Dec 12, 2024