Coordinated Vert.x 4.5.11 upgrades
- Bump to Netty 4.1.115.Final and fix SSL-related substitutions due to internal Netty breaking changes
- Bump to Vert.x 4.5.11
- Bump Mutiny Vert.x bindings 3.16.0
- Re-aligned the Vert.x versions across Quarkus modules

Fixes CVE-2024-47535 with Netty 4.1.115.Final
jponge committed Nov 15, 2024
1 parent 69c0b8e commit 9fd8dcb
Showing 4 changed files with 43 additions and 29 deletions.
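--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -58,7 +58,7 @@
 <smallrye-context-propagation.version>2.1.2</smallrye-context-propagation.version>
 <smallrye-reactive-streams-operators.version>1.0.13</smallrye-reactive-streams-operators.version>
 <smallrye-reactive-types-converter.version>3.0.1</smallrye-reactive-types-converter.version>
-<smallrye-mutiny-vertx-binding.version>3.15.0</smallrye-mutiny-vertx-binding.version>
+<smallrye-mutiny-vertx-binding.version>3.16.0</smallrye-mutiny-vertx-binding.version>
 <smallrye-reactive-messaging.version>4.25.0</smallrye-reactive-messaging.version>
 <smallrye-stork.version>2.7.0</smallrye-stork.version>
 <jakarta.activation.version>2.1.3</jakarta.activation.version>
@@ -110,7 +110,7 @@
 <wildfly-elytron.version>2.6.0.Final</wildfly-elytron.version>
 <jboss-marshalling.version>2.2.1.Final</jboss-marshalling.version>
 <jboss-threads.version>3.8.0.Final</jboss-threads.version>
-<vertx.version>4.5.10</vertx.version>
+<vertx.version>4.5.11</vertx.version>
 <httpclient.version>4.5.14</httpclient.version>
 <httpcore.version>4.4.16</httpcore.version>
 <httpasync.version>4.1.5</httpasync.version>
@@ -132,7 +132,7 @@
 <infinispan.version>15.0.10.Final</infinispan.version>
 <infinispan.protostream.version>5.0.12.Final</infinispan.protostream.version>
 <caffeine.version>3.1.8</caffeine.version>
-<netty.version>4.1.111.Final</netty.version>
+<netty.version>4.1.115.Final</netty.version>
 <brotli4j.version>1.16.0</brotli4j.version>
 <reactive-streams.version>1.0.4</reactive-streams.version>
 <jboss-logging.version>3.6.1.Final</jboss-logging.version>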
Expand Up @@ -173,20 +173,22 @@ final class Target_io_netty_handler_ssl_JdkSslServerContext {
KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout,
ClientAuth clientAuth, String[] protocols, boolean startTls,
SecureRandom secureRandom, String keyStore) throws SSLException {
SecureRandom secureRandom, String keyStore, Target_io_netty_handler_ssl_ResumptionController resumptionController)
throws SSLException {
}
}

@TargetClass(className = "io.netty.handler.ssl.JdkSslClientContext")
final class Target_io_netty_handler_ssl_JdkSslClientContext {

@Alias
Target_io_netty_handler_ssl_JdkSslClientContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key,
String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, String[] protocols,
long sessionCacheSize, long sessionTimeout, SecureRandom secureRandom,
String keyStoreType) throws SSLException {
Target_io_netty_handler_ssl_JdkSslClientContext(Provider sslContextProvider,
X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn, String[] protocols, long sessionCacheSize, long sessionTimeout,
SecureRandom secureRandom, String keyStoreType, String endpointIdentificationAlgorithm,
Target_io_netty_handler_ssl_ResumptionController resumptionController) throws SSLException {
}
}

Expand Down Expand Up @@ -222,43 +224,55 @@ final class Target_io_netty_handler_ssl_JdkAlpnSslEngine {
}
}

@TargetClass(className = "io.netty.handler.ssl.ResumptionController")
final class Target_io_netty_handler_ssl_ResumptionController {

@Alias
Target_io_netty_handler_ssl_ResumptionController() {

}
}

@TargetClass(className = "io.netty.handler.ssl.SslContext")
final class Target_io_netty_handler_ssl_SslContext {

@Substitute
static SslContext newServerContextInternal(SslProvider provider, Provider sslContextProvider,
static SslContext newServerContextInternal(SslProvider provider,
Provider sslContextProvider,
X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth,
String[] protocols, boolean startTls, boolean enableOcsp,
SecureRandom secureRandom, String keyStoreType,
X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
boolean enableOcsp, SecureRandom secureRandom, String keyStoreType,
Map.Entry<SslContextOption<?>, Object>... ctxOptions) throws SSLException {
if (enableOcsp) {
throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + provider);
}
Target_io_netty_handler_ssl_ResumptionController resumptionController = new Target_io_netty_handler_ssl_ResumptionController();
return (SslContext) (Object) new Target_io_netty_handler_ssl_JdkSslServerContext(sslContextProvider,
trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword,
keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout,
clientAuth, protocols, startTls, secureRandom, keyStoreType);
clientAuth, protocols, startTls, secureRandom, keyStoreType, resumptionController);
}

@Substitute
static SslContext newClientContextInternal(SslProvider provider, Provider sslContextProvider,
X509Certificate[] trustCert,
TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn, String[] protocols, long sessionCacheSize, long sessionTimeout,
boolean enableOcsp, SecureRandom secureRandom,
String keyStoreType, Map.Entry<SslContextOption<?>, Object>... options) throws SSLException {
static SslContext newClientContextInternal(SslProvider provider,
Provider sslContextProvider,
X509Certificate[] trustCert, TrustManagerFactory trustManagerFactory,
X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, String[] protocols,
long sessionCacheSize, long sessionTimeout, boolean enableOcsp,
SecureRandom secureRandom, String keyStoreType, String endpointIdentificationAlgorithm,
Map.Entry<SslContextOption<?>, Object>... options) throws SSLException {
if (enableOcsp) {
throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + provider);
}
Target_io_netty_handler_ssl_ResumptionController resumptionController = new Target_io_netty_handler_ssl_ResumptionController();
return (SslContext) (Object) new Target_io_netty_handler_ssl_JdkSslClientContext(sslContextProvider,
trustCert, trustManagerFactory, keyCertChain, key, keyPassword,
keyManagerFactory, ciphers, cipherFilter, apn, protocols, sessionCacheSize,
sessionTimeout, secureRandom, keyStoreType);
sessionTimeout, secureRandom, keyStoreType, endpointIdentificationAlgorithm,
resumptionController);
}

}
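Review bot: The `@Alias` constructors for `JdkSslServerContext` and `JdkSslClientContext` and the new `Target_io_netty_handler_ssl_ResumptionController` must match Netty's non-public signatures exactly, yet nothing in this section records which Netty release they were copied from. A comment above the new target class, for example `// Mirrors Netty 4.1.115.Final internals; re-check these constructor signatures on every Netty bump`, would tell the next upgrader where to look. In `newClientContextInternal` the new `endpointIdentificationAlgorithm` argument is forwarded unchanged to the client context; since it presumably selects the hostname check applied to the server certificate, a native-mode test asserting that a mismatched host name is still rejected would guard this path (no test change is visible on this page). Both substitutions also continue to ignore `provider` and the `ctxOptions`/`options` varargs, which predates this commit but is worth a one-line comment so the JDK-only behaviour is deliberate rather than silent.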
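--- a/independent-projects/resteasy-reactive/pom.xml
+++ b/independent-projects/resteasy-reactive/pom.xml
@@ -58,7 +58,7 @@
 
 <mutiny.version>2.6.2</mutiny.version>
 <smallrye-common.version>2.8.0</smallrye-common.version>
-<vertx.version>4.5.9</vertx.version>
+<vertx.version>4.5.11</vertx.version>
 <rest-assured.version>5.5.0</rest-assured.version>
 <commons-logging-jboss-logging.version>1.0.0.Final</commons-logging-jboss-logging.version>
 <jackson-bom.version>2.18.1</jackson-bom.version>
@@ -67,7 +67,7 @@
 <yasson.version>3.0.4</yasson.version>
 <jakarta.json.bind-api.version>3.0.1</jakarta.json.bind-api.version>
 <awaitility.version>4.2.2</awaitility.version>
-<smallrye-mutiny-vertx-core.version>3.13.2</smallrye-mutiny-vertx-core.version>
+<smallrye-mutiny-vertx-core.version>3.16.0</smallrye-mutiny-vertx-core.version>
 <reactive-streams.version>1.0.4</reactive-streams.version>
 <mockito.version>5.14.2</mockito.version>
 <mutiny-zero.version>1.1.0</mutiny-zero.version>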
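--- a/independent-projects/vertx-utils/pom.xml
+++ b/independent-projects/vertx-utils/pom.xml
@@ -17,7 +17,7 @@
 
 <properties>
 <jboss-logging.version>3.6.1.Final</jboss-logging.version>
-<vertx.version>4.5.7</vertx.version>
+<vertx.version>4.5.11</vertx.version>
 </properties>
 
 <dependencies>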
