Netty 4.1.48.Final released
I am happy to announce the release of netty 4.1.48.Final shortly after our last release. We decided to release this fast to be able to provide support for
SameSite as fast as possible as more and more browsers are depending on it and also to ensure
HttpObjectDecoder will limit the number of control-chars prior to parsing the initial line. If you use the HTTP/1.x codec of Netty please upgrade as soon as possible.
The most important changes in this release are:
- HttpObjectDecoder should limit the number of control chars (#10112)
- Close SocketChannel upon exceptions to avoid leaking (#10110)
- Ensure WebSocket*Handshaker can not corrupt pipeline when HttpProxyHandler is used (#10103)
- Fix WebSocketClientHandshaker not generating correct handshake request when path is empty (#10095)
- Added support for the SameSite attribute in Cookies (#10050)
For the details and all changes, please browse our issue tracker for 4.1.48.Final.
As we are not able to break APIs until we release a new major version we couldn't add support for
SameSite attribute to the
Cookie interface itself and so you can only set it on
For more details on what this is all about please have a look at the related RFC section.
Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission.