Skip navigation

Netty 4.2.7.Final released

by normanmaurer
on

We are happy to announce the release of netty 4.2.7.Final. This is a bug-fix release but also contains some new features. Beside this it also fixes CVE-2025-59419 which might affect you if you make use of our SMTP implementation.

The most important changes are:

  • SMTP Command Injection Vulnerability Allowing Email Forgery (CVE-2025-59419)
  • Faster leak detector implementation for tests (#15622)
  • Expose metrics from AutoScalingEventExecutorChooserFactory (#15624)
  • Teach the BoringSSL implementation to use a java.security.Signature for keys that cannot be obtained directly (#15626)
  • Drop unknown frame on missing stream in first packet (#15646)
  • IoUring: Add support IntegerUnixChannelOption and RawUnixChannelOption (#15706)
  • IoUring: Don't delay close operation if we still wait for the second notification when using zero copy (#15709)
  • IoUring: Only free resourcees once we are sure no more events are handled by the handle (#15710)
  • Fix Snappy compression bug (#15712)
  • Allow CertificateBuilder to specify Provider instance to use (#15722)
  • Fix aligned off-heap zeroing (#15740)
  • buffer: Fix JFR deadlock during ReturnChunkEvent initialization (#15740)
  • Fix concurrent chunk data write bug in adaptive allocator (#15652)
  • OpenSSL: Allow to configure named groups via SSLParameters on Java20+ (#15660)
  • Move polymorphic VarHandle calls to separate class to avoid Android verification error (#15661)
  • Kqueue: Ensure classes can be loaded even if native lib is not on the classpath or platform not supported (#15669)
  • buffer: centralize VarHandle byte[] access in VarHandleByteBufferAccess (#15670)
  • Epoll: Ensure classes can be loaded even if native lib is not on the classpath or platform not supported (#15671)
  • IoUring: Ensure classes can be loaded even if native lib is not on the classpath or platform not supported (#15672)
  • Update jni-util version to clarify licensing (#15687)
  • IoUring: Always correctly handle IORING_CQE_F_MORE flag when using zero copy send (#15692)
  • IoUring: Fix debug log message which shows which features are supported (#15693)

For more details please visit our bug tracker

Special notes

Faster leak detector implementation for tests

If you are using paranoid leak detection for unit testing, consider trying LeakPresenceDetector for more efficient leak detection. See (#15622) for more details.

Thank You

Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area.

Please report an unintended omission