Skip to content

[grid] update to netty 4.2.4 #16194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

[grid] update to netty 4.2.4 #16194

wants to merge 1 commit into from
+178 −60

Conversation

joerg1985
Copy link
Member

@joerg1985 joerg1985 commented Aug 16, 2025
edited by qodo-merge-pro bot
Loading

User description

🔗 Related Issues

💥 What does this PR do?

Update to netty 4.2.4, add the dependencies needed for redis tests to pass with the new netty version.

🔧 Implementation Notes

I did follow most of the migration guide at https://netty.io/wiki/netty-4.2-migration-guide.html, but:

  • switchted not to the old memory allocator for testing, as we should have not a high throughput
  • stick to the SelfSignedCertificate for now, as it is unclear how to use the new CertificateBuilder correct

💡 Additional Considerations

🔄 Types of changes

  • Cleanup (formatting, renaming)
  • Bug fix (backwards compatible)
  • New feature (non-breaking change which adds functionality and tests!)
  • Breaking change (fix or feature that would cause existing functionality to change)

PR Type

Enhancement

Description

  • Update Netty from 4.1.121.Final to 4.2.4.Final

  • Migrate to new MultiThreadIoEventLoopGroup API

  • Add required dependencies for Redis tests compatibility

  • Update Maven dependencies and build configurations

Diagram Walkthrough

flowchart LR
  A["Netty 4.1.121"] --> B["Netty 4.2.4"]
  B --> C["New Event Loop API"]
  B --> D["Additional Dependencies"]
  C --> E["MultiThreadIoEventLoopGroup"]
  D --> F["Protobuf & Marshalling"]
Loading

File Walkthrough
Relevant files
Enhancement
NettyServer.java
Migrate to Netty 4.2 event loop API                                           

java/src/org/openqa/selenium/netty/server/NettyServer.java

  • Replace NioEventLoopGroup with MultiThreadIoEventLoopGroup
  • Add NioIoHandler.newFactory() for event loop initialization
  • Update imports for new Netty 4.2 API
 +4/-3     
Dependencies
MODULE.bazel
Update Netty BOM and add dependencies                                       

MODULE.bazel

  • Update netty-bom from 4.1.121.Final to 4.2.4.Final
  • Add protobuf-java and protobuf-javanano dependencies
  • Add jboss-marshalling dependency for Redis tests
 +4/-1     
maven_install.json
Maven dependency resolution updates                                           

java/maven_install.json

  • Update artifact hashes for new Netty 4.2.4 versions
  • Add new Netty codec modules (base, compression, marshalling, protobuf)
  • Update dependency tree with new module structure
  • Add protobuf and marshalling library entries
 +167/-56
BUILD.bazel
Add Redis module dependencies                                                       

java/src/org/openqa/selenium/redis/BUILD.bazel

  • Add protobuf-java and protobuf-javanano artifacts
  • Add jboss-marshalling artifact dependency
  • Update build dependencies for Redis module
 +3/-0     

@selenium-ci selenium-ci added C-java Java Bindings B-build Includes scripting, bazel and CI integrations C-rust Rust code is mostly Selenium Manager B-manager Selenium Manager labels Aug 16, 2025
@qodo-merge-pro Qodo Merge Pro
Copy link
Contributor

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶

1234 - Partially compliant

Compliant requirements:

Non-compliant requirements:

  • Investigate and address regression for click() JS href not triggering in 2.48.x
  • Provide a fix or workaround restoring JS execution on click
  • Validate behavior on Firefox 42

Requires further human verification:

5678 - Partially compliant

Compliant requirements:

Non-compliant requirements:

  • Diagnose and resolve ConnectFailure for multiple ChromeDriver instances
  • Ensure stable multiple session creation without errors
  • Provide guidance or code/config changes

Requires further human verification:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 Security concerns

Dependency changes:
Adding netty-pkitesting and updating Netty introduce transitive crypto (BouncyCastle) changes. Ensure versions are pinned (conflict resolution shows bcprov-jdk18on to 1.81) and that pkitesting is not exposing test certificates or insecure defaults in production builds. No direct injection/XSS/secret exposure evident.

⚡ Recommended focus areas for review

Possible Issue

Switching to CertificateBuilder.buildSelfSigned() and using X509Bundle.toKeyManagerFactory() changes certificate/key material loading semantics. Ensure compatibility with the existing ServerOptions (e.g., cipher suites, protocols) and that client connections still succeed across JDKs and OSes.

 
try {
  X509Bundle cert = new CertificateBuilder().buildSelfSigned();
  sslCtx = SslContextBuilder.forServer(cert.toKeyManagerFactory()).build();
} catch (Exception e) {
  throw new UncheckedIOException(new IOException("Self-signed certificate problem.", e));
}
Behavior Change

Replacing NioEventLoopGroup with MultiThreadIoEventLoopGroup(NioIoHandler.newFactory()) may alter threading and performance characteristics. Validate shutdown hooks, thread naming, and compatibility with NioServerSocketChannel.

 
bossGroup = new MultiThreadIoEventLoopGroup(1, NioIoHandler.newFactory());
workerGroup = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());
Dependency Risk

Adding io.netty:netty-pkitesting introduces a test/PKI helper at runtime scope. Confirm it is intended for production artifact and does not bloat runtime or pull unnecessary BouncyCastle versions.

 
"io.grpc:grpc-context:1.74.0",
"io.lettuce:lettuce-core:6.8.0.RELEASE",
"io.netty:netty-buffer",
"io.netty:netty-codec-http",
"io.netty:netty-codec-http2",
"io.netty:netty-common",
"io.netty:netty-handler",
"io.netty:netty-handler-proxy",
"io.netty:netty-pkitesting",
"io.netty:netty-transport",
"io.opentelemetry:opentelemetry-api",

@qodo-merge-pro Qodo Merge Pro
Copy link
Contributor

qodo-merge-pro bot commented Aug 16, 2025
edited
Loading

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Include hostname in self-signed cert

Preserve hostname information in the self-signed certificate to avoid TLS
validation issues for clients that perform hostname verification. Pass the
configured hostname (or fallback) as a subject alternative name when building
the certificate.

java/src/org/openqa/selenium/netty/server/NettyServer.java [90-99]

 } else if (options.isSelfSigned()) {
   try {
-    X509Bundle cert = new CertificateBuilder().buildSelfSigned();
+    String commonName = options.getHostname().orElse("localhost");
+    X509Bundle cert = new CertificateBuilder()
+        .addSubjectAlternativeName(commonName)
+        .buildSelfSigned();
     sslCtx = SslContextBuilder.forServer(cert.toKeyManagerFactory()).build();
   } catch (Exception e) {
     throw new UncheckedIOException(new IOException("Self-signed certificate problem.", e));
   }
 } else {
   sslCtx = null;
 }
  • Apply / Chat
Suggestion importance[1-10]: 8

__

Why: The suggestion correctly identifies that not including the hostname in the self-signed certificate can lead to TLS validation failures, and proposes a valid fix using the available options object.

Medium
  • Update

@joerg1985 joerg1985 force-pushed the netty-4.2 branch 2 times, most recently from 4e54a5c to ed9cd12 Compare August 16, 2025 20:39
@joerg1985 joerg1985 added B-grid Everything grid and server related and removed C-rust Rust code is mostly Selenium Manager B-manager Selenium Manager Possible security concern C-java Java Bindings B-build Includes scripting, bazel and CI integrations labels Aug 16, 2025
@joerg1985 joerg1985 marked this pull request as draft August 16, 2025 21:33
@diemol diemol requested a review from shs96c August 17, 2025 09:31
@joerg1985 joerg1985 marked this pull request as ready for review August 17, 2025 12:07
@qodo-merge-pro Qodo Merge Pro
Copy link
Contributor

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶

5678 - Partially compliant

Compliant requirements:

  • None

Non-compliant requirements:

  • Diagnose and resolve ConnectFailure during multiple ChromeDriver instantiations
  • Ensure subsequent instantiations do not produce errors

Requires further human verification:

  • Verify at runtime that the Netty upgrade and event loop changes do not introduce regressions in Grid/Redis components under multi-session load.

1234 - Partially compliant

Compliant requirements:

  • None

Non-compliant requirements:

  • Trigger JS in href on click in Firefox

Requires further human verification:

  • Browser behavior validation in Firefox—unrelated to this Netty/Grid upgrade PR.
⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

API Migration Risk

Switching to MultiThreadIoEventLoopGroup with NioIoHandler.newFactory() may change threading and channel behavior; validate server bootstrap compatibility and graceful shutdown, and ensure no resource leaks.

 
bossGroup = new MultiThreadIoEventLoopGroup(1, NioIoHandler.newFactory());
workerGroup = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());
Dependency Surface Growth

Added protobuf and marshalling artifacts; confirm they are strictly required and do not inflate runtime classpath for modules that don't need them.

 
    "com.google.protobuf:protobuf-java:3.25.5",
    "com.google.protobuf.nano:protobuf-javanano:3.1.0",
    "com.graphql-java:graphql-java:24.1",
    "dev.failsafe:failsafe:3.3.2",
    "io.grpc:grpc-context:1.74.0",
    "io.lettuce:lettuce-core:6.8.0.RELEASE",
    "io.netty:netty-buffer",
    "io.netty:netty-codec-http",
    "io.netty:netty-codec-http2",
    "io.netty:netty-common",
    "io.netty:netty-handler",
    "io.netty:netty-handler-proxy",
    "io.netty:netty-transport",
    "io.opentelemetry:opentelemetry-api",
    "io.opentelemetry:opentelemetry-context",
    "io.opentelemetry:opentelemetry-exporter-logging",
    "io.opentelemetry:opentelemetry-sdk",
    "io.opentelemetry:opentelemetry-sdk-common",
    "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure",
    "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi",
    "io.opentelemetry:opentelemetry-sdk-testing",
    "io.opentelemetry:opentelemetry-sdk-trace",
    "it.ozimov:embedded-redis:0.7.3",
    "net.bytebuddy:byte-buddy:1.17.6",
    "org.htmlunit:htmlunit-core-js:4.14.0",
    "org.apache.commons:commons-exec:1.5.0",
    "org.apache.logging.log4j:log4j-core:2.25.1",
    "org.assertj:assertj-core:3.27.4",
    "org.bouncycastle:bcpkix-jdk18on:1.81",
    "org.eclipse.mylyn.github:org.eclipse.egit.github.core:2.1.5",
    "org.hsqldb:hsqldb:2.7.4",
    "org.jboss.marshalling:jboss-marshalling:2.2.3.Final",
    "org.jspecify:jspecify:1.0.0",
    "org.junit.jupiter:junit-jupiter-api",
    "org.junit.jupiter:junit-jupiter-engine",
    "org.junit.jupiter:junit-jupiter-params",
    "org.junit.platform:junit-platform-launcher",
    "org.junit.platform:junit-platform-reporting",
    "org.junit.platform:junit-platform-commons",
    "org.junit.platform:junit-platform-engine",
    "org.mockito:mockito-core:5.18.0",
    "org.redisson:redisson:3.50.0",
    "org.slf4j:slf4j-api:2.0.17",
    "org.slf4j:slf4j-jdk14:2.0.17",
    "org.tomlj:tomlj:1.1.1",
    "org.zeromq:jeromq:0.6.0",
    "uk.org.webcompere:system-stubs-jupiter:2.1.8",
    "uk.org.webcompere:system-stubs-core:2.1.8",
],
boms = [
    "io.opentelemetry:opentelemetry-bom:1.53.0",
    "io.netty:netty-bom:4.2.4.Final",
    "org.junit:junit-bom:5.13.4",
Generated Lockfile Consistency

New Netty modules and hashes were added; ensure all referenced modules exist in repositories and align with the selected netty-bom to avoid resolution conflicts.

 
"io.lettuce:lettuce-core": {
  "shasums": {
    "jar": "165134b6ce55caa822440fb23e7dc910a13fedada6ea1f4587145fe0c7f0a657",
    "sources": "1540cc4fd90f10d2221ff0f42bf01f08dcc0967742a1d62744a719e79e6a0984"
  },
  "version": "6.8.0.RELEASE"
},
"io.netty:netty-buffer": {
  "shasums": {
    "jar": "9e0dd42f1eabc58433962efa329acd372df305c30a6a58cd17feb1cd32f9e289",
    "sources": "46ccc0b286ac575b42ebfc6ccc58c02888996cfb090049484a78bd96375b0ea5"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec": {
  "shasums": {
    "jar": "86da6271c6d2ef06cf5e42a03bbc67a5f074f9778464f512f1c84c33fbfc89a9",
    "sources": "56f1adb200d60a4ee01785f00e271c37766d1c955536f54fa08ea475424d948e"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-base": {
  "shasums": {
    "jar": "0af2c137a8a3b264baf15887470d856a89bf712025a08652c3038bfffbfe6634",
    "sources": "01a4cfd4793e50153cc4826458120590f6f7321d72b6fe2231eb894140e2422d"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-compression": {
  "shasums": {
    "jar": "63971c806632b08389c6d0b3c9d853dfef047618cd4cf555f23a992e155ce09c",
    "sources": "adba308c520c2b7c76b84d551add8b606355ac051ba4f2c631b2c5f07d917100"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-dns": {
  "shasums": {
    "jar": "d5af43be74356efe87520478e6ab55132c9c023e96c99e1a438f3e5860cd5c9e",
    "sources": "0ac96df3a2d79b619e862e26525491b9364c201bbce9d82a82da1569fd63d69f"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-http": {
  "shasums": {
    "jar": "bde689ddf294f70f105d0955cfc6d784d1e5ee4ea7730a733b1fc4728456d950",
    "sources": "bbba2b1424ab83003c0252bd3433d514d93a709390873e140f0fdb41f9cf1bda"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-http2": {
  "shasums": {
    "jar": "89dc4fedb5c466d7ccdcc1193e4bb247a69b09042e7e4df994f3c4350d3102ee",
    "sources": "05db5f67340ece2fe86cffba2bd6555e212acc5e0572853b83dd95bff69587f8"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-marshalling": {
  "shasums": {
    "jar": "2a3a8b1e631284fd2b538c11c9bd346c93ff16dc1c70bbab558dc8f24f1a4044",
    "sources": "ee6fec7b009c0fccdeacc33febe45973e9ccfa1ec342369c2f01bbfcb994ec5c"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-protobuf": {
  "shasums": {
    "jar": "2318f521017dee8e0e4e50fd8d5e8a1b1d4762dcb69ea9aa52a7b79ff8c760bf",
    "sources": "61b817cbbf3dca1287fcc8b7525521561fefcdc94fa407f46b4ed4efcb9f9e98"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-codec-socks": {
  "shasums": {
    "jar": "d878e818f39b0d40bbfa942c7aaecea8cd62f14d3474e7b1e69a86dbea9d13cd",
    "sources": "1c2ff437576f46a6d6f14c2f066518994be2bcd8fe3295828cf06c4467f1eb0e"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-common": {
  "shasums": {
    "jar": "dd57448463662154c32e0cfa099960a16eda5f0896050e44195b0fc29863837f",
    "sources": "179d3073b473a446089083e5455904719f4ee145921c69023a883498b9d010bd"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-handler": {
  "shasums": {
    "jar": "5280b7ec84d494051ba99639c86793b04d924ea7ebdadac1528e66f4fe8392c8",
    "sources": "7ba3d1009cbf9aab7af8d773c1805d14d19b70cabebcae204aad2e44126813b3"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-handler-proxy": {
  "shasums": {
    "jar": "14643a410912aae6314df96f80528ce4f89dfda1d2c7538bb3ee3f88de55a24f",
    "sources": "f5531ddfaddfa86271e938565a5508dd493e00bede7da1ab38c748d030a0aa30"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-resolver": {
  "shasums": {
    "jar": "152b6531c0f9092b6a5c40c9ab709cfac275e433b4c080501740790d39863a0c",
    "sources": "b9bda1f6739d96e856cfde6725824d9ac185c586d713dcf0fbf0c78e1fbce6cb"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-resolver-dns": {
  "shasums": {
    "jar": "234325c9efa5f2583fc291d47d12168222abf9cadae7b54a560583ac3db08be1",
    "sources": "12b16163864ae8f55cac110a48faf94bdb81fa9a0cc6df26752815651e828a47"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-transport": {
  "shasums": {
    "jar": "c7873858bcf25d59211f99d3dd35a52d644efc5116cd0a00cd4402b3d23c6372",
    "sources": "01ccb80cb2c357aa6ee707074a7a1b75658cfe4fb5a6836587e3e1b6a1b3099d"
  },
  "version": "4.2.4.Final"
},
"io.netty:netty-transport-native-unix-common": {
  "shasums": {
    "jar": "d2e4f5a147af8546f5250f1fa7d1bc08b0f28e15f0f3195c7f24ebb1862a43c1",
    "sources": "fb93ce5111649f8c9fded892448bb20f977f841fc10c52ad70a2fa1b09586f2e"
  },
  "version": "4.2.4.Final"
},

@qodo-merge-pro Qodo Merge Pro
Copy link
Contributor

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
High-level
Validate Netty 4.2 API usage

Migrating to MultiThreadIoEventLoopGroup with NioIoHandler.newFactory() changes
threading and transport semantics; ensure all channel classes (e.g.,
NioServerSocketChannel) and pipeline handlers are compatible and that native
transports or alternatives are not required in some environments. Also, adding
protobuf/marshalling dependencies broadens the attack surface; confirm they are
strictly scoped to tests or Redis modules and that shading or version alignment
avoids conflicts with existing protobuf users in the repo.

Examples:

java/src/org/openqa/selenium/netty/server/NettyServer.java [103-104] 
bossGroup = new MultiThreadIoEventLoopGroup(1, NioIoHandler.newFactory());
workerGroup = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());
java/src/org/openqa/selenium/redis/BUILD.bazel [11-18] 
deps = [
    "//java/src/org/openqa/selenium/grid/data",
    artifact("com.google.protobuf:protobuf-java"),
    artifact("com.google.protobuf.nano:protobuf-javanano"),
    artifact("io.lettuce:lettuce-core"),
    artifact("org.jboss.marshalling:jboss-marshalling"),
    artifact("org.redisson:redisson"),
],

Solution Walkthrough:

Before:

// In NettyServer.java
// Using old Netty 4.1 API
bossGroup = new NioEventLoopGroup(1);
workerGroup = new NioEventLoopGroup();

// In build files
// Dependencies are managed for Netty 4.1

After:

// In NettyServer.java
// Using new Netty 4.2 API
bossGroup = new MultiThreadIoEventLoopGroup(1, NioIoHandler.newFactory());
workerGroup = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());
// Consider if native transports (e.g., Epoll) are needed for some environments
// bossGroup = new MultiThreadIoEventLoopGroup(1, EpollIoHandler.newFactory());

// In build files
// Dependencies for Redis module are explicitly scoped
// and checked for version conflicts.
Suggestion importance[1-10]: 8

__

Why: The suggestion correctly identifies major changes in the PR, raising valid concerns about the Netty API migration in NettyServer.java and the scope and security implications of new dependencies in build files.

Medium
General
Verify BOM-module alignment

Netty 4.2 splits codec modules; ensure transitive alignment by importing the
matching BOM only if all new modules are resolvable. Verify that any modules
removed from 4.1 (e.g., consolidated codecs) are not pinned elsewhere to prevent
dependency resolution errors.

MODULE.bazel [240]

+"io.netty:netty-bom:4.2.4.Final",
 
-
  • Apply / Chat
Suggestion importance[1-10]: 7

__

Why: This is a good, high-level verification check for a dependency version upgrade, ensuring that the new BOM aligns with all module changes, which is a valid concern in this PR.

Medium
  • More

@VietND96
Copy link
Member

This would be great, since I also just saw the CVE notice for version < 4.1.123.Final and want to do the upgrade. However, you already did it.

@VietND96 VietND96 added this to the Selenium 4.36 milestone Aug 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shs96c shs96c Awaiting requested review from shs96c

Assignees
No one assigned
Labels
B-grid Everything grid and server related Review effort 3/5
Projects
None yet
Milestone
Selenium 4.36
Development

Successfully merging this pull request may close these issues.
3 participants
@joerg1985 @VietND96 @selenium-ci