Skip navigation

Netty 4.0.55.Final and 4.1.20.Final released

I'm happy to announce the latest bug-fix releases for our 4.0.x and 4.1.x series after a a bit more then one month of development. These releases contains bug-fixes, performance enhancements and feature so we encourage everyone to upgrade.

The most important changes for 4.0.55.Final and 4.1.20.Final are:

  • ByteBuf.toString(Charset) is not thread-safe (#7600)
  • ObjectCleaner should continue cleaning despite exceptions (#7598)
  • ObjectCleaner may indefinitely block on ReferenceQueue#poll (#7597)
  • Handling concatenated GZIP streams (#7577)
  • Correctly take position into account when wrap a ByteBuffer via ReadOnlyUnsafeDirectByteBuf (#7580)
  • Remove remote initiated renegotiation support (#7558)
  • Remove direct usage of JKS and SunX509 (#7547)
  • OpenSslEngine: Remove renegotiation support (#7544)
  • Ensure ThreadDeathWatcher and GlobalEventExecutor will not cause classloader leaks (#7493)

The most important changes for 4.1.20.Final only are:

  • Fix concurrency issue in DnsNameResolver when DefaultDnsCache is used. defect (#7584)
  • HTTP/2 Remove Http2FrameStream#CONNECTION_STREAM (#7575)
  • IovArray#add return value resulted in more ByteBufs being added during iteration (#7563)
  • Add 32 bytes overhead per header entry when calculating headers length in HPackDecoder (#7531)
  • HTTP/2 support pending data larger than Integer.MAX_VALUE (#7523)
  • Add h2spec test suite module to check if netty http2 implementation conforms with the specification (#7504)
  • Ability to scoop up events that reach the tail of the ChannelPipeline (#7494)

For the details and all changes, please browse our issue tracker for 4.0.55.Final and 4.1.20.Final.

All changes that are in 4.0.55.Final are also included in 4.1.20.Final. All changes only have milestone 4.1.20.Final do not affect 4.0.55.Final.

Important notes

Renegotiation support removed

This release remove renegotiation support when using OpenSSL / LibreSSL / BoringSSL as we consider it as insecure and so a security risk. If you depend on this feature (you should not!) you will need to use SslProvider.JDK.

4.0.x releases

We will only do one more release (after this) for the 4.0 tree. After that we will move development to 4.1.x and 5.x (next-major) only.

As always, please let us know if you find any issues. We love feedback!

Thank You

Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission.