Netty 4.1.115.Final released
We are happy to announce the release of netty 4.1.115.Final. This is a bug-fix release but also include a fix for (CVE-2024-47535) which we rate as very low as the attacker needs to have access to the local filesystem with the right permissions.
The most important changes are:
- Allow MessageToMessageDecoder to take care of reading more data when needed (#14372)
- Fix SSL session resumption with ClientAuth.OPTIONAL and add tests with session tickets (#14404)
- Fix incorrect cast in NioDomainSocketChannel.parent() (#14409)
- Fix bug where SslHandler may stall after TLSv1.3 handshake with delegate tasks (#14411)
- AdaptiveByteBufAllocator: Make pooling of AdaptiveByteBuf magazine local (#14414)
- Specialize Adaptive's allocator Recycler based on magazine's owner (#14421)
- Fix epoll_wait retry loop (#14425)
- Log / include the correct error during handshake failure (#14428)
- Convey autoAckPing in http2 decoder constructor chain (#14429)
- Allow to set used named groups per OpenSslContext (#14433)
- Verify default named groups before using them with native SSL implementation (#14434)
- Include details on why it was not possible to configure accepted issuers in the SSLException (#14435)
- Correctly detect if KeyManager is not supported by OpenSSL version (#14437)
- Preserve ordering of default named groups during conversation (#14447)
- Denial of Service attack on windows app using netty (CVE-2024-47535)
For more details please visit our bug tracker
Thank You
Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area.
Please report an unintended omission.