Skip navigation

Netty 4.1.71.Final released

We are happy to announce the release of netty 4.1.71.Final. This is mainly a bug-fix release but also contains a fix for HTTP-request-smuggling and fixes a regression in SslHandler. Because of this we urge everyone to upgrade as soon as possible.

The most important changes are:

  • HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling (CVE-2021-43797)
  • JdkZlibEncoder can use pooled heap buffers for deflater input (#11891)
  • Ensure we always run the register task of native libraries (#11887)
  • Rewrite and simplify Recycler (#11858)
  • Do not allow third parties to provide Netty's native libraries (#11856)
  • Fix reentrancy bug in SslHandler which can cause IllegalReferenceCountException (#11854)
  • Correctly handle InputStream.read() when it return -1 during writing to the ByteBuf (#11837)

For the details and all changes, please browse our issue tracker for 4.1.71.Final.

Thank You

Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area.

Please report an unintended omission.