I am happy to announce the release of netty 4.1.59.Final, which beside fixing various bugs also contains a security fix which may affect you if you use the HttpPostRequestDecoder
or HttpPostMultiPartRequestDecoder
.
For more details about the impact of the CVE check the Security Advisory.
The most important changes are:
- Implement SWAR indexOf byte search (#10737)
- Correctly filter out TLSv1.3 ciphers if TLSv1.3 is not enabled (#10919)
- Allow blocking calls in UnixResolverDnsServerAddressStreamProvider#parse (#10935)
- Ignore priority frames for non existing streams and so prevent a NPE (#10943)
- Make native loading logging less confusing (#10944)
- Use GracefulShutdown when stream space is exhausted (#10946)
- Correctly handle fragmentation in JdkZlibDecoder (#10948)
- Merge WebSocket extensions (#10956)
- Override ALPN methods on ReferenceCountedOpenSslEngine (#10954)
- Fix possible SEGV when using native dns resolver on macos (#10971)
- Revert “Enable SSL_MODE_ENABLE_FALSE_START if jdkCompatibilityMode is false (#10980)
- Introduce SslContextOption which can be used for “optional” features in SslContext implementations (#10981)
- Fix memory release failure when “maxNumElems == 1” of PoolSubpage (#10988)
- Revert HttpPostMultipartRequestDecoder and HttpPostStandardRequestDecoder to e5951d4 (#10989)
Thank You
Every idea and bug-report counts and so we thought it is worth mentioning those who helped in this area.
Please report an unintended omission.
- @atropnikov
- @bryce-anderson
- @carl-mastrangelo
- @chrisvest
- @danielflower
- @duke-bartholomew
- @doom369
- @franz1981
- @mrksngl
- @normanmaurer
- @slandelle
- @violetagg
- @violetgo
- @ZzxyNn
转自 https://netty.io/news/2021/02/08/4-1-59-Final.html