Skip navigation

Netty 4.1.94.Final released

We are happy to announce the release of netty 4.1.94.Final. This is mainly a bug-fix release but also contains a fix for a possible security issue (CVE-2023-34462) when using SniHandler.

The most important changes are:

  • Respect offset in io.netty.util.NetUtil#toAddressString(byte[], int, boolean) (#13420)
  • Skip finalization for PoolThreadCache instances without small/normal caches (#13408)
  • Use network byte order when encoding ipv4 address and port for Socks codecs (#13427)
  • Call ReleaseByteArrayElements even when handling of socket_path fails to fix small mem leak (#13435)
  • Always enable leak tracking for derived buffers if parent is tracked (#13436)
  • Release DnsRecords when failing to notify promise (#13437)
  • Delay possibility to reuse transaction id when query is failing because of timeout or cancellation (#13446)
  • Implement contains for SelectedSelectionKeySet (#13452)
  • Use Two-Way for finding the delimiter in DelimiterBasedFrameDecoder (#13451)
  • Obtain the local address from the fd when the client connects only with remote address (UDS) (#13419)
  • Allow to limit the maximum lenght of the ClientHello (CVE-2023-34462)

For more details please visit our bug tracker

Thank You

Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area.

Please report an unintended omission.