Bump netty to 4.2.8.Final

[reta]

Description

Bump netty to 4.2.8.Final

Related Issues

N/A

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Summary by CodeRabbit

Release Notes

• Chores
  • Updated Netty dependency from version 4.2.7.Final to 4.2.8.Final across all modules and plugins
  • Removed test mock provider implementation

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request upgrades Netty from version 4.2.7.Final to 4.2.8.Final across the codebase. The version bump is recorded in the Gradle version catalog and changelog, with corresponding SHA-1 checksum files updated in multiple module and plugin license directories. Additionally, a test framework provider class is removed.

Changes

Cohort / File(s)	Summary
Dependency Version Update CHANGELOG.md, gradle/libs.versions.toml	Bumped Netty version from 4.2.7.Final to 4.2.8.Final in version catalog and added entry to unreleased 3.x dependencies section.
License Checksums – modules/transport-netty4 modules/transport-netty4/licenses/netty-*.{4.2.7,4.2.8}.Final.jar.sha1	Deleted 11 SHA-1 checksum files for netty-buffer, netty-codec, netty-codec-base, netty-codec-compression, netty-codec-http, netty-codec-http2, netty-common, netty-handler, netty-resolver, netty-transport, and netty-transport-native-unix-common versions 4.2.7.Final; added corresponding 4.2.8.Final checksums.
License Checksums – plugins/arrow-flight-rpc plugins/arrow-flight-rpc/licenses/netty-*.{4.2.7,4.2.8}.Final.jar.sha1	Deleted 12 SHA-1 checksum files for Netty 4.2.7.Final artifacts; added 12 corresponding 4.2.8.Final checksum files including buffer, codec, codec-base, codec-compression, codec-http, codec-http2, common, handler, resolver, transport, transport-classes-epoll, and transport-native-unix-common.
License Checksums – plugins/ingestion-kinesis plugins/ingestion-kinesis/licenses/netty-*.{4.2.7,4.2.8}.Final.jar.sha1	Removed 12 Netty 4.2.7.Final checksum files and added 12 corresponding 4.2.8.Final checksums for same artifact types as arrow-flight-rpc.
License Checksums – plugins/repository-azure plugins/repository-azure/licenses/netty-*.{4.2.7,4.2.8}.Final.jar.sha1	Deleted 8 Netty 4.2.7.Final checksum files (codec-base, codec-dns, codec-http2, codec-socks, handler-proxy, resolver-dns, transport-native-unix-common); added 8 corresponding 4.2.8.Final checksums.
License Checksums – plugins/repository-hdfs plugins/repository-hdfs/licenses/netty-all-{4.2.7,4.2.8}.Final.jar.sha1	Replaced netty-all 4.2.7.Final checksum with 4.2.8.Final version.
License Checksums – plugins/repository-s3 plugins/repository-s3/licenses/netty-*.{4.2.7,4.2.8}.Final.jar.sha1	Removed 12 Netty 4.2.7.Final checksum files; added 12 corresponding 4.2.8.Final checksums for buffer, codec, codec-base, codec-compression, codec-http, codec-http2, common, handler, resolver, transport, transport-classes-epoll, and transport-native-unix-common.
License Checksums – plugins/transport-reactor-netty4 plugins/transport-reactor-netty4/licenses/netty-*.{4.2.7,4.2.8}.Final.jar.sha1	Deleted 15 Netty 4.2.7.Final checksum files; added 15 corresponding 4.2.8.Final checksums including codec-classes-quic and codec-dns variants alongside standard artifacts.
License Checksums – test/framework test/framework/licenses/netty-pkitesting-{4.2.7,4.2.8}.Final.jar.sha1	Replaced netty-pkitesting 4.2.7.Final checksum with 4.2.8.Final version.
Test Framework Cleanup test/framework/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java	Deleted mock BouncyCastleProvider class used for PKI testing; contained only a no-arg constructor and serialVersionUID field.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• The changes are highly homogeneous and repetitive (SHA-1 checksum replacements across modules)
• Single version number bump in two configuration files with minimal impact
• One test utility class removal with no dependencies or references elsewhere
• No logic modifications, control flow changes, or functional impact
• Areas to review: Verify the new Netty version 4.2.8.Final is compatible with the codebase and that all checksum files are consistent across modules

Suggested reviewers

• peternied
• sandeshkr419

🐰 A hop and a skip, version numbers flip,
From 4.2.7 to 8, in checksums we trust,
Old provider removed with care and a grin,
Netty upgrades complete—let new features begin! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Bump netty to 4.2.8.Final' clearly and concisely describes the main change: updating the Netty dependency version.
Description check	✅ Passed	The description provides the required sections (Description, Related Issues, Check List) and includes the Apache 2.0 license confirmation. However, the Related Issues section only states 'N/A' and all checklist items remain unchecked.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b09dcc9 and f53268c.

📒 Files selected for processing (145)

• CHANGELOG.md (1 hunks)
• gradle/libs.versions.toml (1 hunks)
• modules/transport-netty4/licenses/netty-buffer-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-buffer-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-codec-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-codec-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-codec-base-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-codec-base-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-codec-compression-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-codec-compression-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-codec-http-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-codec-http-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-codec-http2-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-common-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-common-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-handler-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-handler-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-resolver-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-resolver-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-transport-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-transport-4.2.8.Final.jar.sha1 (1 hunks)
• modules/transport-netty4/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1 (0 hunks)
• modules/transport-netty4/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-buffer-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-buffer-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-base-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-base-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-compression-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-compression-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-http-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-http-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-http2-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-handler-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-handler-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-resolver-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-resolver-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-transport-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-transport-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-transport-classes-epoll-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-transport-classes-epoll-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/arrow-flight-rpc/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/arrow-flight-rpc/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-buffer-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-buffer-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-base-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-base-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-compression-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-compression-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-http-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-http-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-http2-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-handler-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-handler-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-resolver-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-resolver-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-transport-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-transport-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-transport-classes-epoll-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-transport-classes-epoll-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/ingestion-kinesis/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/ingestion-kinesis/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/netty-codec-base-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/netty-codec-base-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/netty-codec-dns-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/netty-codec-dns-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/netty-codec-http2-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/netty-codec-socks-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/netty-codec-socks-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/netty-handler-proxy-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/netty-handler-proxy-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/netty-resolver-dns-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/netty-resolver-dns-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-hdfs/licenses/netty-all-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-hdfs/licenses/netty-all-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-buffer-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-buffer-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-codec-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-codec-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-codec-base-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-codec-base-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-codec-compression-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-codec-compression-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-codec-http-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-codec-http-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-codec-http2-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-handler-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-handler-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-resolver-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-resolver-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-transport-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-transport-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-transport-classes-epoll-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-transport-classes-epoll-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/repository-s3/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/repository-s3/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-buffer-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-buffer-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-base-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-base-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-classes-quic-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-classes-quic-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-compression-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-compression-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-dns-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-dns-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-http-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-http-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-http2-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-http3-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-http3-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-common-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-handler-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-handler-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-resolver-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-resolver-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-resolver-dns-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-resolver-dns-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-transport-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-transport-4.2.8.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1 hunks)
• test/framework/licenses/netty-pkitesting-4.2.7.Final.jar.sha1 (0 hunks)
• test/framework/licenses/netty-pkitesting-4.2.8.Final.jar.sha1 (1 hunks)
• test/framework/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java (0 hunks)

💤 Files with no reviewable changes (72)

• plugins/transport-reactor-netty4/licenses/netty-resolver-dns-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-handler-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-handler-4.2.7.Final.jar.sha1
• plugins/repository-azure/licenses/netty-codec-socks-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-buffer-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-http-4.2.7.Final.jar.sha1
• plugins/repository-azure/licenses/netty-resolver-dns-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-codec-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-base-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-codec-compression-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-codec-http2-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-transport-classes-epoll-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-transport-classes-epoll-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-buffer-4.2.7.Final.jar.sha1
• test/framework/licenses/netty-pkitesting-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-codec-base-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-codec-base-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-codec-compression-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-transport-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-handler-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-classes-quic-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-common-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-codec-compression-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-http3-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-buffer-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-dns-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-codec-http2-4.2.7.Final.jar.sha1
• plugins/repository-azure/licenses/netty-codec-dns-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-codec-http2-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-codec-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-codec-http-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-common-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-codec-http-4.2.7.Final.jar.sha1
• plugins/repository-azure/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-resolver-4.2.7.Final.jar.sha1
• plugins/repository-hdfs/licenses/netty-all-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-compression-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-codec-http2-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-buffer-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-common-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-resolver-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-transport-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-codec-compression-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-transport-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-resolver-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-handler-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-transport-classes-epoll-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-codec-http-4.2.7.Final.jar.sha1
• plugins/repository-azure/licenses/netty-codec-base-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-common-4.2.7.Final.jar.sha1
• plugins/repository-azure/licenses/netty-codec-http2-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-transport-native-unix-common-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-codec-http-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-transport-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-codec-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-resolver-4.2.7.Final.jar.sha1
• plugins/repository-azure/licenses/netty-handler-proxy-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-codec-4.2.7.Final.jar.sha1
• plugins/repository-s3/licenses/netty-codec-base-4.2.7.Final.jar.sha1
• plugins/ingestion-kinesis/licenses/netty-resolver-4.2.7.Final.jar.sha1
• test/framework/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
• plugins/transport-reactor-netty4/licenses/netty-transport-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-common-4.2.7.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-http2-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-buffer-4.2.7.Final.jar.sha1
• modules/transport-netty4/licenses/netty-handler-4.2.7.Final.jar.sha1
• plugins/arrow-flight-rpc/licenses/netty-codec-base-4.2.7.Final.jar.sha1

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-12-12T18:40:01.303Z

Learnt from: reta
Repo: opensearch-project/OpenSearch PR: 20017
File: plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java:256-256
Timestamp: 2025-12-12T18:40:01.303Z
Learning: In the OpenSearch ReactorNetty4 secure HTTP transport tests (plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java), URI limit validation has been moved from the protocol layer to the transport layer, making it protocol-agnostic. The random protocol selection in ReactorHttpClient.https(settings) is intentional to ensure all tests validate correct behavior across HTTP/1.1, HTTP/2, and HTTP/3.

Applied to files:

• plugins/transport-reactor-netty4/licenses/netty-codec-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-resolver-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-http-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-buffer-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-classes-quic-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-http2-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-transport-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-dns-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-base-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-common-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-http3-4.2.8.Final.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-handler-4.2.8.Final.jar.sha1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: gradle-check
• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: detect-breaking-change
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: Analyze (java)
• GitHub Check: Mend Security Check

🔇 Additional comments (31)

plugins/repository-azure/licenses/netty-codec-socks-4.2.8.Final.jar.sha1 (1)

1-1: Verify SHA-1 checksum matches the actual artifact.

The SHA-1 hash is properly formatted (40 hexadecimal characters). However, ensure this checksum corresponds to the actual netty-codec-socks-4.2.8.Final.jar artifact from the Maven/Gradle repository.

plugins/repository-hdfs/licenses/netty-all-4.2.8.Final.jar.sha1 (1)

1-1: SHA-1 checksum file format is correct.

The hash value is properly formatted (40 hexadecimal characters) and follows the project's checksum naming and placement conventions. This is the only netty-all-4.2.8.Final.jar.sha1 file in the repository.

plugins/repository-azure/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1)

1-1: The SHA-1 checksum format is valid, and Netty 4.2.8.Final is a legitimate stable release with no outstanding critical security vulnerabilities. All known CVEs affecting the 4.2.x train (CVE-2025-59419, CVE-2025-58056, CVE-2025-58057, CVE-2025-55163) are fixed in this version. Related checksum files for other Netty modules are consistently present in the repository, indicating proper dependency management across the codebase.

plugins/transport-reactor-netty4/licenses/netty-codec-classes-quic-4.2.8.Final.jar.sha1 (1)

1-1: Netty 4.2.8.Final does not exist — revert to 4.2.7.Final or wait for official release.

Maven Central returns 404 for the netty-codec-classes-quic-4.2.8.Final.jar artifact, and web search confirms that Netty 4.2.8.Final has not been released. The latest available version is 4.2.7.Final (released 15 Oct 2025). The SHA-1 checksum cannot be verified because the artifact does not exist on Maven Central. This change introduces a dependency on a non-existent version and must be corrected.

⛔ Skipped due to learnings

Learnt from: reta
Repo: opensearch-project/OpenSearch PR: 20017
File: plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java:256-256
Timestamp: 2025-12-12T18:40:01.303Z
Learning: In the OpenSearch ReactorNetty4 secure HTTP transport tests (plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java), URI limit validation has been moved from the protocol layer to the transport layer, making it protocol-agnostic. The random protocol selection in ReactorHttpClient.https(settings) is intentional to ensure all tests validate correct behavior across HTTP/1.1, HTTP/2, and HTTP/3.

modules/transport-netty4/licenses/netty-common-4.2.8.Final.jar.sha1 (1)

1-1: Verify the SHA-1 checksum for netty-common-4.2.8.Final.jar from Maven Central's official artifact.

Netty 4.2.8.Final was released on December 12, 2025, and includes a fix for CVE-2025-59419 (SMTP CRLF injection). Ensure the provided SHA-1 hash matches the official artifact to prevent supply chain attacks. Direct verification against Maven Central or the project's official release checksums is recommended.

plugins/repository-azure/licenses/netty-codec-base-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

If you have a license/checksum verification task (or CI step), please ensure it passes for this artifact and that the file formatting matches repo conventions (e.g., trailing newline).

plugins/repository-s3/licenses/netty-handler-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

plugins/repository-azure/licenses/netty-handler-proxy-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

plugins/arrow-flight-rpc/licenses/netty-resolver-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

plugins/ingestion-kinesis/licenses/netty-codec-http-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

plugins/repository-s3/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

plugins/transport-reactor-netty4/licenses/netty-common-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

test/framework/licenses/netty-pkitesting-4.2.8.Final.jar.sha1 (1)

1-1: Looks correct; please verify the digest matches the resolved jar (and newline consistency).

plugins/ingestion-kinesis/licenses/netty-codec-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR (and newline expectations).

Since this is an integrity artifact, can you confirm it matches the netty-codec-4.2.8.Final.jar actually fetched by the build and that the repo’s .sha1 formatting rules (trailing newline vs none) are satisfied?

plugins/repository-s3/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR (and newline expectations).

This should be validated against the exact netty-transport-native-unix-common-4.2.8.Final.jar pulled during dependency resolution; also confirm whether the lack of trailing newline is acceptable for your license/checksum tooling.

plugins/ingestion-kinesis/licenses/netty-transport-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR (and newline expectations).

Can you confirm this SHA-1 corresponds to the netty-transport-4.2.8.Final.jar your build resolves (and that formatting matches the repository’s .sha1 conventions)?

plugins/arrow-flight-rpc/licenses/netty-transport-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR.

Given this value is duplicated across multiple modules, it’d be good to ensure it matches the upstream artifact for netty-transport-4.2.8.Final.jar (and not a repackaged variant).

plugins/transport-reactor-netty4/licenses/netty-codec-http3-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR.

Please validate this SHA-1 against the resolved netty-codec-http3-4.2.8.Final.jar, and confirm whether your checksum validation tasks expect a trailing newline in .sha1 files.

plugins/transport-reactor-netty4/licenses/netty-transport-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR.

Can you confirm the netty-transport-4.2.8.Final.jar checksum here matches what Gradle resolves with your configured repositories (and that the file formatting is acceptable)?

plugins/repository-azure/licenses/netty-resolver-dns-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR.

Please validate the SHA-1 against the netty-resolver-dns-4.2.8.Final.jar that the build actually downloads, and ensure .sha1 newline conventions are consistent with other license artifacts.

plugins/repository-s3/licenses/netty-transport-4.2.8.Final.jar.sha1 (1)

1-1: Checksum file looks structurally correct; please verify hash matches the resolved JAR.

Since this repeats the netty-transport checksum used elsewhere, please confirm it matches the exact resolved artifact for your dependency graph and repository configuration.

plugins/repository-azure/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1)

1-1: Checksum verified and security patches confirmed.

The SHA-1 checksum 78b35b0d5491433123d7a029e051332c92678db4 for netty-codec-http2-4.2.8.Final.jar matches the official Maven Central artifact, confirming artifact integrity.

Netty 4.2.8.Final includes patches for known vulnerabilities including CVE-2025-59419 (SMTP command-injection), CVE-2025-58056 (HTTP/1.1 request-smuggling), CVE-2025-58057 (decompression DoS), and CVE-2025-55163 (HTTP/2 resource-exhaustion). This is a secure release with all known issues addressed.

plugins/arrow-flight-rpc/licenses/netty-codec-compression-4.2.8.Final.jar.sha1 (1)

1-1: The SHA-1 checksum for netty-codec-compression-4.2.8.Final is correct and matches the official artifact on Maven Central. No action required.

plugins/arrow-flight-rpc/licenses/netty-handler-4.2.8.Final.jar.sha1 (1)

1-1: Verify checksums match official Netty 4.2.8.Final Maven Central artifacts.

The checksum files are correctly formatted and consistent across modules. Netty 4.2.8.Final includes the patch for the MadeYouReset DDoS vulnerability (CVE-2025-55163) that was fixed in 4.2.4.Final, so this upgrade addresses known security issues.

modules/transport-netty4/licenses/netty-transport-4.2.8.Final.jar.sha1 (1)

1-1: No action needed—Netty version bump to 4.2.8.Final is complete.

All verification criteria are met:

• gradle/libs.versions.toml correctly specifies netty = "4.2.8.Final"
• Old 4.2.7.Final checksum files have been removed
• CHANGELOG.md documents the bump (PR Bump netty to 4.2.8.Final #20230)
• The SHA-1 file for netty-transport-4.2.8.Final is in place across all relevant modules

CHANGELOG.md (1)

24-24: Changelog entry is properly formatted and placed. The dependency bump is correctly documented in the Unreleased section with proper PR reference.

gradle/libs.versions.toml (1)

38-38: Version change is correctly centralized and referenced. All Netty library declarations reference the version via version.ref = "netty", ensuring they automatically pick up the new 4.2.8.Final version. No remaining 4.2.7.Final references exist in the codebase, and all 71 expected Netty 4.2.8.Final license checksum files are present across all modules.

plugins/arrow-flight-rpc/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1)

1-1: Incorrect assumption about BouncyCastleProvider.java. The referenced file test/framework/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java does not exist in the codebase and has no references anywhere. There is no evidence this file was ever part of the repository or was removed by this PR. The only related BouncyCastle file in the test framework is BouncyCastleThreadFilter.java, which is a different class.

Likely an incorrect or invalid review comment.

plugins/ingestion-kinesis/licenses/netty-transport-native-unix-common-4.2.8.Final.jar.sha1 (1)

1-1: Verify SHA-1 checksum against official Netty 4.2.8.Final artifact.

The SHA-1 hash should be validated against the official netty-transport-native-unix-common-4.2.8.Final artifact published to Maven Central to ensure the dependency is authentic and unmodified.

plugins/ingestion-kinesis/licenses/netty-handler-4.2.8.Final.jar.sha1 (1)

1-1: No changes needed. The SHA-1 checksum file already includes a trailing newline and follows the standard format used throughout the license directory.

plugins/transport-reactor-netty4/licenses/netty-codec-http2-4.2.8.Final.jar.sha1 (1)

1-1: No action required — the hash is verified against Maven Central.

The SHA-1 hash 78b35b0d5491433123d7a029e051332c92678db4 matches the official netty-codec-http2-4.2.8.Final.jar artifact on Maven Central. The version is valid (released December 12, 2025) and includes security fixes. The hash is consistent across all related checksum files in modules and plugins.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

❌ Gradle check result for f53268c: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for f53268c: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for f53268c: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[reta]

We may need to wait for 4.2.9 to fix the regression netty/netty#16022