Skip to content

Commit 168a969

Browse files
dependabot[bot]dependabot[bot]
authored
MINOR: Bump io.netty:netty-bom from 4.2.10.Final to 4.2.12.Final (#1091)
Bumps [io.netty:netty-bom](https://github.com/netty/netty) from 4.2.10.Final to 4.2.12.Final. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/netty/netty/releases">io.netty:netty-bom's releases</a>.</em></p> <blockquote> <h2>netty-4.2.12.Final</h2> <h2>What's Changed</h2> <ul> <li>Revert &quot;Eliminate redundant bounds checks in CompositeByteBuf accessors&quot; by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16550">netty/netty#16550</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final">https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final</a></p> <h2>netty-4.2.11.Final</h2> <h2>Security</h2> <ul> <li>CVE-2026-33871, <a href="https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv">HTTP/2 CONTINUATION Frame Flood Denial of Service</a></li> <li>CVE-2026-33870, <a href="https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8">HTTP Request Smuggling via Chunked Extension Quoted-String Parsing</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Update to latest JDK 26 EA release by <a href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16230">netty/netty#16230</a></li> <li>HTTP3: Allow to support non-standard HTTP3 settings by <a href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16171">netty/netty#16171</a></li> <li>Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop by <a href="https://github.com/adwsingh"><code>@​adwsingh</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16245">netty/netty#16245</a></li> <li>Allocate one large segment and slice for each MsgHdrMemory by <a href="https://github.com/dreamlike-ocean"><code>@​dreamlike-ocean</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16234">netty/netty#16234</a></li> <li>Make RefCntOpenSslContext.deallocate more robust by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16253">netty/netty#16253</a></li> <li>Epoll: Fix excessive CPU usage when Channel is only registered but no… by <a href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16250">netty/netty#16250</a></li> <li>Update to gcc for arm 10.3-2021.07 by <a href="https://github.com/m1ngyuan"><code>@​m1ngyuan</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16255">netty/netty#16255</a></li> <li>Add acmeIdentifier extension support to pkitesting by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16256">netty/netty#16256</a></li> <li>Update JDK versions to latest patch releases by <a href="https://github.com/m1ngyuan"><code>@​m1ngyuan</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16254">netty/netty#16254</a></li> <li>Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by <a href="https://github.com/doom369"><code>@​doom369</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16241">netty/netty#16241</a></li> <li>Automatic backporting workflow from 4.1 to 4.2 by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16269">netty/netty#16269</a></li> <li>Revert &quot;Automatic backporting workflow from 4.1 to 4.2&quot; by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16270">netty/netty#16270</a></li> <li>HTTP2: Correctly account for padding when decompress by <a href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16264">netty/netty#16264</a></li> <li>Automatic backporting workflow from 4.1 to 4.2 by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16271">netty/netty#16271</a></li> <li>Automatic backporting workflow from 4.1 to 4.2 by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16273">netty/netty#16273</a></li> <li>Backport PRs must be created with personal access tokens by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16276">netty/netty#16276</a></li> <li>Expose QuicSslContextBuilder::sni by <a href="https://github.com/ZeroErrors"><code>@​ZeroErrors</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16178">netty/netty#16178</a></li> <li>Add more porting workflows by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16275">netty/netty#16275</a></li> <li>Add more porting workflows by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16283">netty/netty#16283</a></li> <li>Remove the unpooled allocator from test permutations by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16282">netty/netty#16282</a></li> <li>Some polishing of the porting workflows by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16288">netty/netty#16288</a></li> <li>Allow to set destination connection id when creating a client side QuicheChannel by <a href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16286">netty/netty#16286</a></li> <li>Update to latest JDK26 EA build by <a href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16295">netty/netty#16295</a></li> <li>Add javadoc to clarify responsibility of the user when generating the remote connection id by <a href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16293">netty/netty#16293</a></li> <li>Make the build run faster by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16290">netty/netty#16290</a></li> <li>Fix IDE warnings in SslHandler by <a href="https://github.com/doom369"><code>@​doom369</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16237">netty/netty#16237</a></li> <li>Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by <a href="https://github.com/doom369"><code>@​doom369</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16242">netty/netty#16242</a></li> <li>Support boringssl SSLCredential API by <a href="https://github.com/jmcrawford45"><code>@​jmcrawford45</code></a> in <a href="https://redirect.github.com/netty/netty/pull/15919">netty/netty#15919</a></li> <li>Fix high-order bit aliasing in HttpUtil.validateToken by <a href="https://github.com/furkanvarol"><code>@​furkanvarol</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16279">netty/netty#16279</a></li> <li>Improve multi-byte access performance when UNALIGNED availability is unknown by <a href="https://github.com/Songdoeon"><code>@​Songdoeon</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16207">netty/netty#16207</a></li> <li>Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by <a href="https://github.com/doom369"><code>@​doom369</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16278">netty/netty#16278</a></li> <li>Support more branch freedom for auto-porting by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16300">netty/netty#16300</a></li> <li>fix: the precedence of + is higher than &gt;&gt; by <a href="https://github.com/cuiweixie"><code>@​cuiweixie</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16312">netty/netty#16312</a></li> <li>AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by <a href="https://github.com/laosijikaichele"><code>@​laosijikaichele</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16309">netty/netty#16309</a></li> <li>Fix flaky PooledByteBufAllocatorTest by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16313">netty/netty#16313</a></li> <li>Fix pooled arena accounting tests by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16321">netty/netty#16321</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/netty/netty/commit/67ce541e4692853e24fc506466960db35bb64914"><code>67ce541</code></a> [maven-release-plugin] prepare release netty-4.2.12.Final</li> <li><a href="https://github.com/netty/netty/commit/7074624644b79f4e97081bd58a58ed135962b8c2"><code>7074624</code></a> Revert &quot;Eliminate redundant bounds checks in CompositeByteBuf accessors&quot; (<a href="https://redirect.github.com/netty/netty/issues/16">#16</a>...</li> <li><a href="https://github.com/netty/netty/commit/c3b0a43442dbf84e3eb161d5f252623f832f1579"><code>c3b0a43</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="https://github.com/netty/netty/commit/c94a8180e749f694fb76963dd494bae17c31aff6"><code>c94a818</code></a> [maven-release-plugin] prepare release netty-4.2.11.Final</li> <li><a href="https://github.com/netty/netty/commit/3b76df185678353733aa21702d6be16130d188a0"><code>3b76df1</code></a> Merge commit from fork</li> <li><a href="https://github.com/netty/netty/commit/aae944a19eb036993fc47c4b40639476f519deaf"><code>aae944a</code></a> Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (<a href="https://redirect.github.com/netty/netty/issues/16">#16</a>...</li> <li><a href="https://github.com/netty/netty/commit/60014996491c41d91c26f80bca096610f34fc858"><code>6001499</code></a> Eliminate redundant bounds checks in CompositeByteBuf accessors (<a href="https://redirect.github.com/netty/netty/issues/16525">#16525</a>)</li> <li><a href="https://github.com/netty/netty/commit/a7fbb6f84625ef29733a1506ed3520e3c21d5247"><code>a7fbb6f</code></a> JdkZlibDecoder: accumulate decompressed output before firing channelRead (<a href="https://redirect.github.com/netty/netty/issues/16">#16</a>...</li> <li><a href="https://github.com/netty/netty/commit/7937553d8f49e17b064f57b1414907aed8e3be3d"><code>7937553</code></a> Enforce io.netty.maxDirectMemory accounting on all Java versions (<a href="https://redirect.github.com/netty/netty/issues/16489">#16489</a>)</li> <li><a href="https://github.com/netty/netty/commit/893ea2ea6c35c9e1812e5d331530b88d8690022b"><code>893ea2e</code></a> Allocate less in QueryStringDecoder.addParam for typical use case (<a href="https://redirect.github.com/netty/netty/issues/16527">#16527</a>)</li> <li>Additional commits viewable in <a href="https://github.com/netty/netty/compare/netty-4.2.10.Final...netty-4.2.12.Final">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.netty:netty-bom&package-manager=maven&previous-version=4.2.10.Final&new-version=4.2.12.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 07d9987 commit 168a969

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,7 @@ under the License.
9898
<dep.junit.jupiter.version>5.12.2</dep.junit.jupiter.version>
9999
<dep.slf4j.version>2.0.17</dep.slf4j.version>
100100
<dep.guava-bom.version>33.5.0-jre</dep.guava-bom.version>
101-
<dep.netty-bom.version>4.2.10.Final</dep.netty-bom.version>
101+
<dep.netty-bom.version>4.2.12.Final</dep.netty-bom.version>
102102
<dep.grpc-bom.version>1.79.0</dep.grpc-bom.version>
103103
<dep.protobuf-bom.version>4.34.1</dep.protobuf-bom.version>
104104
<dep.jackson-bom.version>2.21.2</dep.jackson-bom.version>

0 commit comments

Comments
 (0)