Bump io.netty:netty-buffer from 4.2.10.Final to 4.2.12.Final in the dependencies group by dependabot[bot] · Pull Request #249 · hyperxpro/Brotli4j

dependabot · 2026-04-01T20:07:35Z

Bumps the dependencies group with 1 update: io.netty:netty-buffer.

Updates io.netty:netty-buffer from 4.2.10.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-buffer's releases.

netty-4.2.12.Final

What's Changed

Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" by @chrisvest in netty/netty#16550

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

CVE-2026-33871, HTTP/2 CONTINUATION Frame Flood Denial of Service

CVE-2026-33870, HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

What's Changed

Update to latest JDK 26 EA release by @normanmaurer in netty/netty#16230

HTTP3: Allow to support non-standard HTTP3 settings by @normanmaurer in netty/netty#16171

Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop by @adwsingh in netty/netty#16245

Allocate one large segment and slice for each MsgHdrMemory by @dreamlike-ocean in netty/netty#16234

Make RefCntOpenSslContext.deallocate more robust by @chrisvest in netty/netty#16253

Epoll: Fix excessive CPU usage when Channel is only registered but no… by @normanmaurer in netty/netty#16250

Update to gcc for arm 10.3-2021.07 by @m1ngyuan in netty/netty#16255

Add acmeIdentifier extension support to pkitesting by @chrisvest in netty/netty#16256

Update JDK versions to latest patch releases by @m1ngyuan in netty/netty#16254

Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by @doom369 in netty/netty#16241

Automatic backporting workflow from 4.1 to 4.2 by @chrisvest in netty/netty#16269

Revert "Automatic backporting workflow from 4.1 to 4.2" by @chrisvest in netty/netty#16270

HTTP2: Correctly account for padding when decompress by @normanmaurer in netty/netty#16264

Automatic backporting workflow from 4.1 to 4.2 by @chrisvest in netty/netty#16271

Automatic backporting workflow from 4.1 to 4.2 by @chrisvest in netty/netty#16273

Backport PRs must be created with personal access tokens by @chrisvest in netty/netty#16276

Expose QuicSslContextBuilder::sni by @ZeroErrors in netty/netty#16178

Add more porting workflows by @chrisvest in netty/netty#16275

Add more porting workflows by @chrisvest in netty/netty#16283

Remove the unpooled allocator from test permutations by @chrisvest in netty/netty#16282

Some polishing of the porting workflows by @chrisvest in netty/netty#16288

Allow to set destination connection id when creating a client side QuicheChannel by @normanmaurer in netty/netty#16286

Update to latest JDK26 EA build by @normanmaurer in netty/netty#16295

Add javadoc to clarify responsibility of the user when generating the remote connection id by @normanmaurer in netty/netty#16293

Make the build run faster by @chrisvest in netty/netty#16290

Fix IDE warnings in SslHandler by @doom369 in netty/netty#16237

Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by @doom369 in netty/netty#16242

Support boringssl SSLCredential API by @jmcrawford45 in netty/netty#15919

Fix high-order bit aliasing in HttpUtil.validateToken by @furkanvarol in netty/netty#16279

Improve multi-byte access performance when UNALIGNED availability is unknown by @Songdoeon in netty/netty#16207

Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by @doom369 in netty/netty#16278

Support more branch freedom for auto-porting by @chrisvest in netty/netty#16300

fix: the precedence of + is higher than >> by @cuiweixie in netty/netty#16312

AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by @laosijikaichele in netty/netty#16309

Fix flaky PooledByteBufAllocatorTest by @chrisvest in netty/netty#16313

Fix pooled arena accounting tests by @chrisvest in netty/netty#16321

... (truncated)

Commits

67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
c3b0a43 [maven-release-plugin] prepare for next development iteration
c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
3b76df1 Merge commit from fork
aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 1 update: [io.netty:netty-buffer](https://github.com/netty/netty). Updates `io.netty:netty-buffer` from 4.2.10.Final to 4.2.12.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final) --- updated-dependencies: - dependency-name: io.netty:netty-buffer dependency-version: 4.2.12.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 1, 2026

hyperxpro approved these changes Apr 1, 2026

View reviewed changes

hyperxpro merged commit c860ffa into main Apr 1, 2026
30 checks passed

hyperxpro deleted the dependabot/maven/dependencies-eff4c59045 branch April 1, 2026 21:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump io.netty:netty-buffer from 4.2.10.Final to 4.2.12.Final in the dependencies group#249

Bump io.netty:netty-buffer from 4.2.10.Final to 4.2.12.Final in the dependencies group#249
hyperxpro merged 1 commit into
mainfrom
dependabot/maven/dependencies-eff4c59045

dependabot Bot commented on behalf of github Apr 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 1, 2026

netty-4.2.12.Final

What's Changed

netty-4.2.11.Final

Security

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant