This is an automated email from the ASF dual-hosted git repository.
jackie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new 72921ad8223 Revert "Bump Netty from 4.1.132 to 4.2.11 with
compatibility fixes (#17980)" (#17991)
72921ad8223 is described below
commit 72921ad82239f8e19da3f370e5e7f51e2d1c865c
Author: Xiang Fu <[email protected]>
AuthorDate: Thu Mar 26 15:15:54 2026 -0700
Revert "Bump Netty from 4.1.132 to 4.2.11 with compatibility fixes
(#17980)" (#17991)
---
.../java/org/apache/pinot/common/config/TlsConfig.java | 15 +--------------
.../java/org/apache/pinot/common/utils/tls/TlsUtils.java | 3 ---
.../java/org/apache/pinot/core/transport/QueryServer.java | 10 ----------
pom.xml | 2 +-
4 files changed, 2 insertions(+), 28 deletions(-)
diff --git
a/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
b/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
index e425913ac36..e8588f28000 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
@@ -40,9 +40,6 @@ public class TlsConfig {
private String _sslProvider = SslProvider.JDK.toString();
// If true, the client will not verify the server's certificate
private boolean _insecure = false;
- // Endpoint identification algorithm for hostname verification (e.g.
"HTTPS").
- // Defaults to empty string (disabled) for backwards compatibility with
Netty 4.1.
- private String _endpointIdentificationAlgorithm = "";
// Allowed TLS protocols (optional, if not set uses default)
@Nullable
private String[] _allowedProtocols = null;
@@ -61,7 +58,6 @@ public class TlsConfig {
_trustStorePassword = tlsConfig._trustStorePassword;
_sslProvider = tlsConfig._sslProvider;
_insecure = tlsConfig._insecure;
- _endpointIdentificationAlgorithm =
tlsConfig._endpointIdentificationAlgorithm;
_allowedProtocols = tlsConfig._allowedProtocols != null
? Arrays.copyOf(tlsConfig._allowedProtocols,
tlsConfig._allowedProtocols.length)
: null;
@@ -143,14 +139,6 @@ public class TlsConfig {
_insecure = insecure;
}
- public String getEndpointIdentificationAlgorithm() {
- return _endpointIdentificationAlgorithm;
- }
-
- public void setEndpointIdentificationAlgorithm(String
endpointIdentificationAlgorithm) {
- _endpointIdentificationAlgorithm = endpointIdentificationAlgorithm;
- }
-
@Nullable
public String[] getAllowedProtocols() {
return _allowedProtocols != null ? Arrays.copyOf(_allowedProtocols,
_allowedProtocols.length) : null;
@@ -180,14 +168,13 @@ public class TlsConfig {
&& Objects.equals(_trustStorePath, tlsConfig._trustStorePath)
&& Objects.equals(_trustStorePassword, tlsConfig._trustStorePassword)
&& Objects.equals(_sslProvider, tlsConfig._sslProvider)
- && Objects.equals(_endpointIdentificationAlgorithm,
tlsConfig._endpointIdentificationAlgorithm)
&& Arrays.equals(_allowedProtocols, tlsConfig._allowedProtocols);
}
@Override
public int hashCode() {
int result = Objects.hash(_clientAuthEnabled, _keyStoreType,
_keyStorePath, _keyStorePassword, _trustStoreType,
- _trustStorePath, _trustStorePassword, _sslProvider, _insecure,
_endpointIdentificationAlgorithm);
+ _trustStorePath, _trustStorePassword, _sslProvider, _insecure);
result = 31 * result + Arrays.hashCode(_allowedProtocols);
return result;
}
diff --git
a/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
b/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
index 13f4ad6bffa..74cf0023dd1 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
@@ -343,9 +343,6 @@ public final class TlsUtils {
SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(tlsConfig.getSslProvider()));
sslFactory.getKeyManagerFactory().ifPresent(sslContextBuilder::keyManager);
sslFactory.getTrustManagerFactory().ifPresent(sslContextBuilder::trustManager);
- // Netty 4.2 defaults endpointIdentificationAlgorithm to HTTPS (hostname
verification enabled).
- // Apply the value from TlsConfig, which defaults to empty (disabled) for
backwards compatibility.
-
sslContextBuilder.endpointIdentificationAlgorithm(tlsConfig.getEndpointIdentificationAlgorithm());
// Apply protocol restrictions if configured
String[] allowedProtocols = tlsConfig.getAllowedProtocols();
diff --git
a/pinot-core/src/main/java/org/apache/pinot/core/transport/QueryServer.java
b/pinot-core/src/main/java/org/apache/pinot/core/transport/QueryServer.java
index 201f36e700c..2f2ca7e2b7d 100644
--- a/pinot-core/src/main/java/org/apache/pinot/core/transport/QueryServer.java
+++ b/pinot-core/src/main/java/org/apache/pinot/core/transport/QueryServer.java
@@ -172,16 +172,6 @@ public class QueryServer {
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
- // Explicitly close all client channels and wait for completion so that
remote peers detect
- // the shutdown promptly (Netty 4.2 no longer force-closes channels
during shutdownGracefully
- // with a zero timeout).
- for (SocketChannel ch : _allChannels.keySet()) {
- try {
- ch.close().sync();
- } catch (Exception e) {
- LOGGER.warn("Failed to close client channel: {}", ch, e);
- }
- }
_workerGroup.shutdownGracefully(0, 0, TimeUnit.SECONDS);
_bossGroup.shutdownGracefully(0, 0, TimeUnit.SECONDS);
}
diff --git a/pom.xml b/pom.xml
index 34af8b7a583..44f2e9529ee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,7 +174,7 @@
<libthrift.verion>0.22.0</libthrift.verion>
<log4j.version>2.25.3</log4j.version>
<slf4j.version>2.0.17</slf4j.version>
- <netty.version>4.2.12.Final</netty.version>
+ <netty.version>4.1.132.Final</netty.version>
<reactivestreams.version>1.0.4</reactivestreams.version>
<jts.version>1.20.0</jts.version>
<h3.version>4.4.0</h3.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
