Skip navigation

Netty 4.1.115.Final released

We are happy to announce the release of netty 4.1.115.Final. This is a bug-fix release but also include a fix for (CVE-2024-47535) which we rate as very low as the attacker needs to have access to the local filesystem with the right permissions.

The most important changes are:

  • Allow MessageToMessageDecoder to take care of reading more data when needed (#14372)
  • Fix SSL session resumption with ClientAuth.OPTIONAL and add tests with session tickets (#14404)
  • Fix incorrect cast in NioDomainSocketChannel.parent() (#14409)
  • Fix bug where SslHandler may stall after TLSv1.3 handshake with delegate tasks (#14411)
  • AdaptiveByteBufAllocator: Make pooling of AdaptiveByteBuf magazine local (#14414)
  • Specialize Adaptive's allocator Recycler based on magazine's owner (#14421)
  • Fix epoll_wait retry loop (#14425)
  • Log / include the correct error during handshake failure (#14428)
  • Convey autoAckPing in http2 decoder constructor chain (#14429)
  • Allow to set used named groups per OpenSslContext (#14433)
  • Verify default named groups before using them with native SSL implementation (#14434)
  • Include details on why it was not possible to configure accepted issuers in the SSLException (#14435)
  • Correctly detect if KeyManager is not supported by OpenSSL version (#14437)
  • Preserve ordering of default named groups during conversation (#14447)
  • Denial of Service attack on windows app using netty (CVE-2024-47535)

For more details please visit our bug tracker

Thank You

Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area.

Please report an unintended omission.