Netty 4.1.71.Final released
We are happy to announce the release of netty 4.1.71.Final. This is mainly a bug-fix release but also contains a fix for HTTP-request-smuggling and fixes a regression in
SslHandler. Because of this we urge everyone to upgrade as soon as possible.
The most important changes are:
- HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling (CVE-2021-43797)
- JdkZlibEncoder can use pooled heap buffers for deflater input (#11891)
- Ensure we always run the register task of native libraries (#11887)
- Rewrite and simplify Recycler (#11858)
- Do not allow third parties to provide Netty's native libraries (#11856)
- Fix reentrancy bug in SslHandler which can cause IllegalReferenceCountException (#11854)
- Correctly handle InputStream.read() when it return -1 during writing to the ByteBuf (#11837)
For the details and all changes, please browse our issue tracker for 4.1.71.Final.
Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area.
Please report an unintended omission.