We are happy to announce the release of netty 4.1.127.Final. This is a bug-fix release which fixes a regression introduced by 4.1.126.Final that might affect you if you use BouncyCastle. We decided to do a quick follow-up release here so people that depend on it can still get the fixes for CVE-2025-58057 and CVE-2025-58056 that were part of 4.1.125.Final.

The most important changes are:

• BouncyCastleAlpnSslUtils needs to use the correct SSLEngine class as otherwise it will fail to init static fields. (#15628)

For more details please visit our bug tracker

Thank You

Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area.

Please report an unintended omission.

• @chrisvest
• @jponge
• @normanmaurer
• @sberyozkin