I'm happy the latest bug-fix release for our 4.0.x series today.

This release contains many bug-fixes, enhancements and new features. Most important it also contains one security bug-fix which was filled as CVE-2016-4970 and can lead to a DOS. Because of this security bugfix you should upgrade ASAP if you use our OpenSslEngine which is true if you have netty-tcnative on your classpath and openssl libraries installed on the system.

The most important changes are:

• OpenSslEngine writePlaintextData WANT_READ with no data in BIO buffer (#5364)
• Fix the possible reference leak in Recycler (#5333)
• [#5104] Fix possible deadlock in DefaultChannelPipeline (#5110)
• PoolChunkList not correctly move PoolChunks when these are moved (#5089)
• Allow to create Unsafe ByteBuf implementations that not use a Cleaner to clean the native memory. (#5314)

For the details and all changes, please browse our issue tracker.

As always, please let us know if you find any issues. We love feedback!

Thank You

Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission.

• @alugowski
• @danbev
• @buchgr
• @carl-mastrangelo
• @CodingFabian
• @dschobel
• @earthling
• @geri-m
• @hyangtack
• @floragunncom
• @ifesdjeen
• @Janmm14
• @MilosFabian
• @nayato
• @NiteshKant
• @nmittler
• @normanmaurer
• @rkapsi
• @samjegal
• @Scottmitch
• @shawn11ZX
• @slaskawi
• @steven-aerts
• @sunrenjie
• @Techcable
• @trustin
• @vietj
• @windie
• @zhangkun83