We are happy to announce the release of netty 4.2.12.Final. This is a bug-fix release that fixes a regression introduced in 4.2.11.Final.

We strongly recommend upgrading to this version to get the security fixes included in 4.2.11.Final.

The security fixes are:

• CVE-2026-33871 rated high. This is an HTTP/2 CONTINUATION frame flood Denial of Service vulnerability.
• CVE-2026-33870 rated high. This is an HTTP/1.1 Request Smuggling vulnerability in chunked encoding parsing.

The regerssion fix is:

• Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16550)

For more details please see the complete release notes: https://github.com/netty/netty/releases/tag/netty-4.2.12.Final

Thank You

Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area.

Please report an unintended omission.

• @chrisvest