Today we are happy to announce the release of Netty 3.9.2.Final. This is an important release if you use a previous version of the 3.9 branch because it fixes a possible DoS attack when using the SslHandler. So please upgrade as soon as possible. For the security bug CVE-2014-3488 was assigned.

Beside the security fix this release also allows to use our own OpenSSLEngine which uses OpenSSL for maximal performance and low latency.

Most important changes / fixes

• Possible DoS by CPU exhaustion when using malicious SSL packets (#2562)
• Add OpenSslEngine (#2464)
• Provide universal API to create an SSLEngine (#2499)
• Minimize memory footprint of HashedWheelTimer and context-switching (#2453)

Visit here for the complete list of the changes.

As always please let us know if you find any issues. We love feedback!

Special notes

Using OpenSslEngine

For details how to use OpenSslEngine please refer to our Forked Tomcat Native page.

Thank You

Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission.

• @andreypanasenko
• @fredericBregier
• @jpinner
• @MiguelGL
• @normanmaurer
• @slandelle
• @trustin

Special thanks to Laurentiu Luca for reporting the SSL security issue!