Skip navigation

Netty 4.1.48.Final released

I am happy to announce the release of netty 4.1.48.Final shortly after our last release. We decided to release this fast to be able to provide support for SameSite as fast as possible as more and more browsers are depending on it and also to ensure HttpObjectDecoder will limit the number of control-chars prior to parsing the initial line. If you use the HTTP/1.x codec of Netty please upgrade as soon as possible.

The most important changes in this release are:

  • HttpObjectDecoder should limit the number of control chars (#10112)
  • Close SocketChannel upon exceptions to avoid leaking (#10110)
  • Ensure WebSocket*Handshaker can not corrupt pipeline when HttpProxyHandler is used (#10103)
  • Fix WebSocketClientHandshaker not generating correct handshake request when path is empty (#10095)
  • Added support for the SameSite attribute in Cookies (#10050)

For the details and all changes, please browse our issue tracker for 4.1.48.Final.

Details

SameSite attribute

As we are not able to break APIs until we release a new major version we couldn't add support for SameSite attribute to the Cookie interface itself and so you can only set it on DefaultCookie itself.

For more details on what this is all about please have a look at the related RFC section.

Thank You

Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission.