Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. This is Pepperdata's fork of the Netty project.
There are several code vulnerabilities (NIST CVEs) open against the Netty code that the Netty developers are only actively fixing in the 4.x branches. They have no further plans to fix many of these CVEs in the 3.10.x (final 3.x) branch. This poses a problem for us, since we are currently not prepared (or willing) to start using Netty 4.x instead of Netty 3.x, which would not only be a major undertaking, but also force us to find workarounds for the design issues (for us) that are inherent in Netty 4.x.
Hence this fork, which is intended to allow us to fix the CVEs in the 3.x branch, for the benefit of our own user base.
For details regarding the original project, please refer to README-orig.
Note that the original Netty repository has the 4.1 branch designated to be the default
branch currently. However, since we will be working exclusively on the 3.10.6.Final code
base (which is, as of this writing, the latest Netty release from the 3.10.x code base),
we have designated the 3.10.6 branch (that we created in the Pepperdata fork from Netty's
netty-3.10.6.final tag) to be our default branch. Please make sure that all
fetches/pushes are made only against the 3.10.6 branch of https://github.com/pepperdata/netty.
Also, in order to facilitate synchronizing to the original Netty repository (should that ever be necessary), the following have been established:
$ git remote add upstream git@github.com:netty/netty.git
$ git remote set-url --push upstream DISABLE
$ git remote -v
origin git@github.com:pepperdata/netty.git (fetch)
origin git@github.com:pepperdata/netty.git (push)
upstream git@github.com:netty/netty.git (fetch)
upstream DISABLE (push)
Note that currently, pushing to the upstream repository (which is not allowed anyway)
is disabled.
When you create a pull request to merge with our working branch (3.10.6), you must ensure that
- your base repository is
pepperdata/netty, and not the originalnetty/netty(which Github always uses as the default); and - you are attempting to merge with the
3.10.6branch ofpepperdata/netty, and not any other branch (Github uses the4.1branch by default, since that is the default branch of the originalnetty/nettyrepo).
Netty 3.10.x requires at least JDK 1.7 (at compile time), and Maven v. 3.1.1 and above (see
README-orig for further details). Thus, it is already compatible
with the standard PD development environment: simply run mvn clean package,
mvn clean deploy, etc., as usual. Note that distribution management has already been
updated to use our AWS CodeArtifact repository.
This code is licensed under the Apache License v2. See the LICENSE.txt file for further details.
Also refer to the NOTICE.txt file for required notices and attributions.