Netty 4.1.94.Final released
We are happy to announce the release of netty 4.1.94.Final. This is mainly a bug-fix release but also contains a fix for a possible security issue (CVE-2023-34462) when using SniHandler.
The most important changes are:
- Respect offset in io.netty.util.NetUtil#toAddressString(byte, int, boolean) (#13420)
- Skip finalization for PoolThreadCache instances without small/normal caches (#13408)
- Use network byte order when encoding ipv4 address and port for Socks codecs (#13427)
- Call ReleaseByteArrayElements even when handling of socket_path fails to fix small mem leak (#13435)
- Always enable leak tracking for derived buffers if parent is tracked (#13436)
- Release DnsRecords when failing to notify promise (#13437)
- Delay possibility to reuse transaction id when query is failing because of timeout or cancellation (#13446)
- Implement contains for SelectedSelectionKeySet (#13452)
- Use Two-Way for finding the delimiter in DelimiterBasedFrameDecoder (#13451)
- Obtain the local address from the fd when the client connects only with remote address (UDS) (#13419)
- Allow to limit the maximum lenght of the ClientHello (CVE-2023-34462)
For more details please visit our bug tracker
Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area.
Please report an unintended omission.