Merged
Conversation
Motivation: Following the success of netty#16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches.
Motivation: When creating a PR using a workflow GITHUB_TOKEN, then no additional workflows are triggered. This means our CI build is not started on automatic backport PRs: https://docs.github.com/en/actions/concepts/security/github_token#when-github_token-triggers-workflow-runs Modification: Use a personal access token when creating the backport PR, instead of GITHUB_TOKEN. Result: Backport PRs should now have CI triggered.
Member
Author
|
Build failures may be address by #16282 |
netty-project-bot
pushed a commit
that referenced
this pull request
Feb 17, 2026
Motivation: Following the success of #16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches. (cherry picked from commit b31b49c)
chrisvest
added a commit
that referenced
this pull request
Feb 17, 2026
This reverts commit b31b49c.
chrisvest
added a commit
that referenced
this pull request
Feb 17, 2026
This reverts commit b31b49c.
chrisvest
added a commit
to chrisvest/netty
that referenced
this pull request
Feb 17, 2026
This reverts commit 4f9467d.
chrisvest
added a commit
to chrisvest/netty
that referenced
this pull request
Feb 17, 2026
Motivation: Following the success of netty#16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches. Also fixes from issues identified with netty#16275
chrisvest
added a commit
that referenced
this pull request
Feb 17, 2026
Motivation: Following the success of #16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches. Also fixes from issues identified with #16275
netty-project-bot
pushed a commit
that referenced
this pull request
Feb 17, 2026
Motivation: Following the success of #16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches. Also fixes from issues identified with #16275 (cherry picked from commit 6c611ec)
chrisvest
added a commit
that referenced
this pull request
Feb 17, 2026
Backport of #16283 to 4.1 Cherry-picked commit: 6c611ec --- Motivation: Following the success of #16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches. Also fixes from issues identified with #16275 Co-authored-by: Chris Vest <christianvest_hansen@apple.com>
netty-project-bot
pushed a commit
that referenced
this pull request
Feb 17, 2026
Motivation: Following the success of #16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches. Also fixes from issues identified with #16275 (cherry picked from commit 6c611ec)
chrisvest
added a commit
that referenced
this pull request
Feb 17, 2026
Forward port of #16283 to 5.0 Cherry-picked commit: 6c611ec --- Motivation: Following the success of #16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2. Modification: Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0. Result: More automated PR porting between our branches. Also fixes from issues identified with #16275 Co-authored-by: Chris Vest <christianvest_hansen@apple.com>
mergify bot
added a commit
to ArcadeData/arcadedb
that referenced
this pull request
Mar 29, 2026
…l [skip ci] Bumps [io.netty:netty-all](https://github.com/netty/netty) from 4.2.10.Final to 4.2.12.Final. Release notes *Sourced from [io.netty:netty-all's releases](https://github.com/netty/netty/releases).* > netty-4.2.12.Final > ------------------ > > What's Changed > -------------- > > * Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16550](https://redirect.github.com/netty/netty/pull/16550) > > **Full Changelog**: <netty/netty@netty-4.2.11.Final...netty-4.2.12.Final> > > netty-4.2.11.Final > ------------------ > > Security > -------- > > * CVE-2026-33871, [HTTP/2 CONTINUATION Frame Flood Denial of Service](GHSA-w9fj-cfpg-grvv) > * CVE-2026-33870, [HTTP Request Smuggling via Chunked Extension Quoted-String Parsing](GHSA-pwqr-wmgm-9rr8) > > What's Changed > -------------- > > * Update to latest JDK 26 EA release by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16230](https://redirect.github.com/netty/netty/pull/16230) > * HTTP3: Allow to support non-standard HTTP3 settings by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16171](https://redirect.github.com/netty/netty/pull/16171) > * Fix Incorrect nanos-to-millis conversion in epoll\_wait EINTR retry loop by [`@adwsingh`](https://github.com/adwsingh) in [netty/netty#16245](https://redirect.github.com/netty/netty/pull/16245) > * Allocate one large segment and slice for each MsgHdrMemory by [`@dreamlike-ocean`](https://github.com/dreamlike-ocean) in [netty/netty#16234](https://redirect.github.com/netty/netty/pull/16234) > * Make RefCntOpenSslContext.deallocate more robust by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16253](https://redirect.github.com/netty/netty/pull/16253) > * Epoll: Fix excessive CPU usage when Channel is only registered but no… by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16250](https://redirect.github.com/netty/netty/pull/16250) > * Update to gcc for arm 10.3-2021.07 by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16255](https://redirect.github.com/netty/netty/pull/16255) > * Add acmeIdentifier extension support to pkitesting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16256](https://redirect.github.com/netty/netty/pull/16256) > * Update JDK versions to latest patch releases by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16254](https://redirect.github.com/netty/netty/pull/16254) > * Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by [`@doom369`](https://github.com/doom369) in [netty/netty#16241](https://redirect.github.com/netty/netty/pull/16241) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16269](https://redirect.github.com/netty/netty/pull/16269) > * Revert "Automatic backporting workflow from 4.1 to 4.2" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16270](https://redirect.github.com/netty/netty/pull/16270) > * HTTP2: Correctly account for padding when decompress by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16264](https://redirect.github.com/netty/netty/pull/16264) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16271](https://redirect.github.com/netty/netty/pull/16271) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16273](https://redirect.github.com/netty/netty/pull/16273) > * Backport PRs must be created with personal access tokens by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16276](https://redirect.github.com/netty/netty/pull/16276) > * Expose QuicSslContextBuilder::sni by [`@ZeroErrors`](https://github.com/ZeroErrors) in [netty/netty#16178](https://redirect.github.com/netty/netty/pull/16178) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16275](https://redirect.github.com/netty/netty/pull/16275) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16283](https://redirect.github.com/netty/netty/pull/16283) > * Remove the unpooled allocator from test permutations by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16282](https://redirect.github.com/netty/netty/pull/16282) > * Some polishing of the porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16288](https://redirect.github.com/netty/netty/pull/16288) > * Allow to set destination connection id when creating a client side QuicheChannel by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16286](https://redirect.github.com/netty/netty/pull/16286) > * Update to latest JDK26 EA build by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16295](https://redirect.github.com/netty/netty/pull/16295) > * Add javadoc to clarify responsibility of the user when generating the remote connection id by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16293](https://redirect.github.com/netty/netty/pull/16293) > * Make the build run faster by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16290](https://redirect.github.com/netty/netty/pull/16290) > * Fix IDE warnings in SslHandler by [`@doom369`](https://github.com/doom369) in [netty/netty#16237](https://redirect.github.com/netty/netty/pull/16237) > * Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by [`@doom369`](https://github.com/doom369) in [netty/netty#16242](https://redirect.github.com/netty/netty/pull/16242) > * Support boringssl SSLCredential API by [`@jmcrawford45`](https://github.com/jmcrawford45) in [netty/netty#15919](https://redirect.github.com/netty/netty/pull/15919) > * Fix high-order bit aliasing in HttpUtil.validateToken by [`@furkanvarol`](https://github.com/furkanvarol) in [netty/netty#16279](https://redirect.github.com/netty/netty/pull/16279) > * Improve multi-byte access performance when UNALIGNED availability is unknown by [`@Songdoeon`](https://github.com/Songdoeon) in [netty/netty#16207](https://redirect.github.com/netty/netty/pull/16207) > * Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by [`@doom369`](https://github.com/doom369) in [netty/netty#16278](https://redirect.github.com/netty/netty/pull/16278) > * Support more branch freedom for auto-porting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16300](https://redirect.github.com/netty/netty/pull/16300) > * fix: the precedence of + is higher than >> by [`@cuiweixie`](https://github.com/cuiweixie) in [netty/netty#16312](https://redirect.github.com/netty/netty/pull/16312) > * AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by [`@laosijikaichele`](https://github.com/laosijikaichele) in [netty/netty#16309](https://redirect.github.com/netty/netty/pull/16309) > * Fix flaky PooledByteBufAllocatorTest by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16313](https://redirect.github.com/netty/netty/pull/16313) > * Fix pooled arena accounting tests by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16321](https://redirect.github.com/netty/netty/pull/16321) ... (truncated) Commits * [`67ce541`](netty/netty@67ce541) [maven-release-plugin] prepare release netty-4.2.12.Final * [`7074624`](netty/netty@7074624) Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`c3b0a43`](netty/netty@c3b0a43) [maven-release-plugin] prepare for next development iteration * [`c94a818`](netty/netty@c94a818) [maven-release-plugin] prepare release netty-4.2.11.Final * [`3b76df1`](netty/netty@3b76df1) Merge commit from fork * [`aae944a`](netty/netty@aae944a) Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`6001499`](netty/netty@6001499) Eliminate redundant bounds checks in CompositeByteBuf accessors ([#16525](https://redirect.github.com/netty/netty/issues/16525)) * [`a7fbb6f`](netty/netty@a7fbb6f) JdkZlibDecoder: accumulate decompressed output before firing channelRead ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`7937553`](netty/netty@7937553) Enforce io.netty.maxDirectMemory accounting on all Java versions ([#16489](https://redirect.github.com/netty/netty/issues/16489)) * [`893ea2e`](netty/netty@893ea2e) Allocate less in QueryStringDecoder.addParam for typical use case ([#16527](https://redirect.github.com/netty/netty/issues/16527)) * Additional commits viewable in [compare view](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
mergify bot
added a commit
to ArcadeData/arcadedb
that referenced
this pull request
Mar 29, 2026
…ip ci] Bumps `netty.version` from 4.2.10.Final to 4.2.12.Final. Updates `io.netty:netty-transport` from 4.2.10.Final to 4.2.12.Final Release notes *Sourced from [io.netty:netty-transport's releases](https://github.com/netty/netty/releases).* > netty-4.2.12.Final > ------------------ > > What's Changed > -------------- > > * Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16550](https://redirect.github.com/netty/netty/pull/16550) > > **Full Changelog**: <netty/netty@netty-4.2.11.Final...netty-4.2.12.Final> > > netty-4.2.11.Final > ------------------ > > Security > -------- > > * CVE-2026-33871, [HTTP/2 CONTINUATION Frame Flood Denial of Service](GHSA-w9fj-cfpg-grvv) > * CVE-2026-33870, [HTTP Request Smuggling via Chunked Extension Quoted-String Parsing](GHSA-pwqr-wmgm-9rr8) > > What's Changed > -------------- > > * Update to latest JDK 26 EA release by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16230](https://redirect.github.com/netty/netty/pull/16230) > * HTTP3: Allow to support non-standard HTTP3 settings by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16171](https://redirect.github.com/netty/netty/pull/16171) > * Fix Incorrect nanos-to-millis conversion in epoll\_wait EINTR retry loop by [`@adwsingh`](https://github.com/adwsingh) in [netty/netty#16245](https://redirect.github.com/netty/netty/pull/16245) > * Allocate one large segment and slice for each MsgHdrMemory by [`@dreamlike-ocean`](https://github.com/dreamlike-ocean) in [netty/netty#16234](https://redirect.github.com/netty/netty/pull/16234) > * Make RefCntOpenSslContext.deallocate more robust by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16253](https://redirect.github.com/netty/netty/pull/16253) > * Epoll: Fix excessive CPU usage when Channel is only registered but no… by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16250](https://redirect.github.com/netty/netty/pull/16250) > * Update to gcc for arm 10.3-2021.07 by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16255](https://redirect.github.com/netty/netty/pull/16255) > * Add acmeIdentifier extension support to pkitesting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16256](https://redirect.github.com/netty/netty/pull/16256) > * Update JDK versions to latest patch releases by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16254](https://redirect.github.com/netty/netty/pull/16254) > * Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by [`@doom369`](https://github.com/doom369) in [netty/netty#16241](https://redirect.github.com/netty/netty/pull/16241) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16269](https://redirect.github.com/netty/netty/pull/16269) > * Revert "Automatic backporting workflow from 4.1 to 4.2" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16270](https://redirect.github.com/netty/netty/pull/16270) > * HTTP2: Correctly account for padding when decompress by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16264](https://redirect.github.com/netty/netty/pull/16264) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16271](https://redirect.github.com/netty/netty/pull/16271) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16273](https://redirect.github.com/netty/netty/pull/16273) > * Backport PRs must be created with personal access tokens by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16276](https://redirect.github.com/netty/netty/pull/16276) > * Expose QuicSslContextBuilder::sni by [`@ZeroErrors`](https://github.com/ZeroErrors) in [netty/netty#16178](https://redirect.github.com/netty/netty/pull/16178) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16275](https://redirect.github.com/netty/netty/pull/16275) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16283](https://redirect.github.com/netty/netty/pull/16283) > * Remove the unpooled allocator from test permutations by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16282](https://redirect.github.com/netty/netty/pull/16282) > * Some polishing of the porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16288](https://redirect.github.com/netty/netty/pull/16288) > * Allow to set destination connection id when creating a client side QuicheChannel by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16286](https://redirect.github.com/netty/netty/pull/16286) > * Update to latest JDK26 EA build by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16295](https://redirect.github.com/netty/netty/pull/16295) > * Add javadoc to clarify responsibility of the user when generating the remote connection id by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16293](https://redirect.github.com/netty/netty/pull/16293) > * Make the build run faster by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16290](https://redirect.github.com/netty/netty/pull/16290) > * Fix IDE warnings in SslHandler by [`@doom369`](https://github.com/doom369) in [netty/netty#16237](https://redirect.github.com/netty/netty/pull/16237) > * Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by [`@doom369`](https://github.com/doom369) in [netty/netty#16242](https://redirect.github.com/netty/netty/pull/16242) > * Support boringssl SSLCredential API by [`@jmcrawford45`](https://github.com/jmcrawford45) in [netty/netty#15919](https://redirect.github.com/netty/netty/pull/15919) > * Fix high-order bit aliasing in HttpUtil.validateToken by [`@furkanvarol`](https://github.com/furkanvarol) in [netty/netty#16279](https://redirect.github.com/netty/netty/pull/16279) > * Improve multi-byte access performance when UNALIGNED availability is unknown by [`@Songdoeon`](https://github.com/Songdoeon) in [netty/netty#16207](https://redirect.github.com/netty/netty/pull/16207) > * Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by [`@doom369`](https://github.com/doom369) in [netty/netty#16278](https://redirect.github.com/netty/netty/pull/16278) > * Support more branch freedom for auto-porting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16300](https://redirect.github.com/netty/netty/pull/16300) > * fix: the precedence of + is higher than >> by [`@cuiweixie`](https://github.com/cuiweixie) in [netty/netty#16312](https://redirect.github.com/netty/netty/pull/16312) > * AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by [`@laosijikaichele`](https://github.com/laosijikaichele) in [netty/netty#16309](https://redirect.github.com/netty/netty/pull/16309) > * Fix flaky PooledByteBufAllocatorTest by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16313](https://redirect.github.com/netty/netty/pull/16313) > * Fix pooled arena accounting tests by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16321](https://redirect.github.com/netty/netty/pull/16321) ... (truncated) Commits * [`67ce541`](netty/netty@67ce541) [maven-release-plugin] prepare release netty-4.2.12.Final * [`7074624`](netty/netty@7074624) Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`c3b0a43`](netty/netty@c3b0a43) [maven-release-plugin] prepare for next development iteration * [`c94a818`](netty/netty@c94a818) [maven-release-plugin] prepare release netty-4.2.11.Final * [`3b76df1`](netty/netty@3b76df1) Merge commit from fork * [`aae944a`](netty/netty@aae944a) Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`6001499`](netty/netty@6001499) Eliminate redundant bounds checks in CompositeByteBuf accessors ([#16525](https://redirect.github.com/netty/netty/issues/16525)) * [`a7fbb6f`](netty/netty@a7fbb6f) JdkZlibDecoder: accumulate decompressed output before firing channelRead ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`7937553`](netty/netty@7937553) Enforce io.netty.maxDirectMemory accounting on all Java versions ([#16489](https://redirect.github.com/netty/netty/issues/16489)) * [`893ea2e`](netty/netty@893ea2e) Allocate less in QueryStringDecoder.addParam for typical use case ([#16527](https://redirect.github.com/netty/netty/issues/16527)) * Additional commits viewable in [compare view](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final) Updates `io.netty:netty-codec` from 4.2.10.Final to 4.2.12.Final Release notes *Sourced from [io.netty:netty-codec's releases](https://github.com/netty/netty/releases).* > netty-4.2.12.Final > ------------------ > > What's Changed > -------------- > > * Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16550](https://redirect.github.com/netty/netty/pull/16550) > > **Full Changelog**: <netty/netty@netty-4.2.11.Final...netty-4.2.12.Final> > > netty-4.2.11.Final > ------------------ > > Security > -------- > > * CVE-2026-33871, [HTTP/2 CONTINUATION Frame Flood Denial of Service](GHSA-w9fj-cfpg-grvv) > * CVE-2026-33870, [HTTP Request Smuggling via Chunked Extension Quoted-String Parsing](GHSA-pwqr-wmgm-9rr8) > > What's Changed > -------------- > > * Update to latest JDK 26 EA release by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16230](https://redirect.github.com/netty/netty/pull/16230) > * HTTP3: Allow to support non-standard HTTP3 settings by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16171](https://redirect.github.com/netty/netty/pull/16171) > * Fix Incorrect nanos-to-millis conversion in epoll\_wait EINTR retry loop by [`@adwsingh`](https://github.com/adwsingh) in [netty/netty#16245](https://redirect.github.com/netty/netty/pull/16245) > * Allocate one large segment and slice for each MsgHdrMemory by [`@dreamlike-ocean`](https://github.com/dreamlike-ocean) in [netty/netty#16234](https://redirect.github.com/netty/netty/pull/16234) > * Make RefCntOpenSslContext.deallocate more robust by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16253](https://redirect.github.com/netty/netty/pull/16253) > * Epoll: Fix excessive CPU usage when Channel is only registered but no… by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16250](https://redirect.github.com/netty/netty/pull/16250) > * Update to gcc for arm 10.3-2021.07 by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16255](https://redirect.github.com/netty/netty/pull/16255) > * Add acmeIdentifier extension support to pkitesting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16256](https://redirect.github.com/netty/netty/pull/16256) > * Update JDK versions to latest patch releases by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16254](https://redirect.github.com/netty/netty/pull/16254) > * Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by [`@doom369`](https://github.com/doom369) in [netty/netty#16241](https://redirect.github.com/netty/netty/pull/16241) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16269](https://redirect.github.com/netty/netty/pull/16269) > * Revert "Automatic backporting workflow from 4.1 to 4.2" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16270](https://redirect.github.com/netty/netty/pull/16270) > * HTTP2: Correctly account for padding when decompress by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16264](https://redirect.github.com/netty/netty/pull/16264) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16271](https://redirect.github.com/netty/netty/pull/16271) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16273](https://redirect.github.com/netty/netty/pull/16273) > * Backport PRs must be created with personal access tokens by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16276](https://redirect.github.com/netty/netty/pull/16276) > * Expose QuicSslContextBuilder::sni by [`@ZeroErrors`](https://github.com/ZeroErrors) in [netty/netty#16178](https://redirect.github.com/netty/netty/pull/16178) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16275](https://redirect.github.com/netty/netty/pull/16275) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16283](https://redirect.github.com/netty/netty/pull/16283) > * Remove the unpooled allocator from test permutations by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16282](https://redirect.github.com/netty/netty/pull/16282) > * Some polishing of the porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16288](https://redirect.github.com/netty/netty/pull/16288) > * Allow to set destination connection id when creating a client side QuicheChannel by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16286](https://redirect.github.com/netty/netty/pull/16286) > * Update to latest JDK26 EA build by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16295](https://redirect.github.com/netty/netty/pull/16295) > * Add javadoc to clarify responsibility of the user when generating the remote connection id by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16293](https://redirect.github.com/netty/netty/pull/16293) > * Make the build run faster by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16290](https://redirect.github.com/netty/netty/pull/16290) > * Fix IDE warnings in SslHandler by [`@doom369`](https://github.com/doom369) in [netty/netty#16237](https://redirect.github.com/netty/netty/pull/16237) > * Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by [`@doom369`](https://github.com/doom369) in [netty/netty#16242](https://redirect.github.com/netty/netty/pull/16242) > * Support boringssl SSLCredential API by [`@jmcrawford45`](https://github.com/jmcrawford45) in [netty/netty#15919](https://redirect.github.com/netty/netty/pull/15919) > * Fix high-order bit aliasing in HttpUtil.validateToken by [`@furkanvarol`](https://github.com/furkanvarol) in [netty/netty#16279](https://redirect.github.com/netty/netty/pull/16279) > * Improve multi-byte access performance when UNALIGNED availability is unknown by [`@Songdoeon`](https://github.com/Songdoeon) in [netty/netty#16207](https://redirect.github.com/netty/netty/pull/16207) > * Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by [`@doom369`](https://github.com/doom369) in [netty/netty#16278](https://redirect.github.com/netty/netty/pull/16278) > * Support more branch freedom for auto-porting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16300](https://redirect.github.com/netty/netty/pull/16300) > * fix: the precedence of + is higher than >> by [`@cuiweixie`](https://github.com/cuiweixie) in [netty/netty#16312](https://redirect.github.com/netty/netty/pull/16312) > * AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by [`@laosijikaichele`](https://github.com/laosijikaichele) in [netty/netty#16309](https://redirect.github.com/netty/netty/pull/16309) > * Fix flaky PooledByteBufAllocatorTest by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16313](https://redirect.github.com/netty/netty/pull/16313) > * Fix pooled arena accounting tests by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16321](https://redirect.github.com/netty/netty/pull/16321) ... (truncated) Commits * [`67ce541`](netty/netty@67ce541) [maven-release-plugin] prepare release netty-4.2.12.Final * [`7074624`](netty/netty@7074624) Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`c3b0a43`](netty/netty@c3b0a43) [maven-release-plugin] prepare for next development iteration * [`c94a818`](netty/netty@c94a818) [maven-release-plugin] prepare release netty-4.2.11.Final * [`3b76df1`](netty/netty@3b76df1) Merge commit from fork * [`aae944a`](netty/netty@aae944a) Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`6001499`](netty/netty@6001499) Eliminate redundant bounds checks in CompositeByteBuf accessors ([#16525](https://redirect.github.com/netty/netty/issues/16525)) * [`a7fbb6f`](netty/netty@a7fbb6f) JdkZlibDecoder: accumulate decompressed output before firing channelRead ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`7937553`](netty/netty@7937553) Enforce io.netty.maxDirectMemory accounting on all Java versions ([#16489](https://redirect.github.com/netty/netty/issues/16489)) * [`893ea2e`](netty/netty@893ea2e) Allocate less in QueryStringDecoder.addParam for typical use case ([#16527](https://redirect.github.com/netty/netty/issues/16527)) * Additional commits viewable in [compare view](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final) Updates `io.netty:netty-handler` from 4.2.10.Final to 4.2.12.Final Release notes *Sourced from [io.netty:netty-handler's releases](https://github.com/netty/netty/releases).* > netty-4.2.12.Final > ------------------ > > What's Changed > -------------- > > * Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16550](https://redirect.github.com/netty/netty/pull/16550) > > **Full Changelog**: <netty/netty@netty-4.2.11.Final...netty-4.2.12.Final> > > netty-4.2.11.Final > ------------------ > > Security > -------- > > * CVE-2026-33871, [HTTP/2 CONTINUATION Frame Flood Denial of Service](GHSA-w9fj-cfpg-grvv) > * CVE-2026-33870, [HTTP Request Smuggling via Chunked Extension Quoted-String Parsing](GHSA-pwqr-wmgm-9rr8) > > What's Changed > -------------- > > * Update to latest JDK 26 EA release by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16230](https://redirect.github.com/netty/netty/pull/16230) > * HTTP3: Allow to support non-standard HTTP3 settings by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16171](https://redirect.github.com/netty/netty/pull/16171) > * Fix Incorrect nanos-to-millis conversion in epoll\_wait EINTR retry loop by [`@adwsingh`](https://github.com/adwsingh) in [netty/netty#16245](https://redirect.github.com/netty/netty/pull/16245) > * Allocate one large segment and slice for each MsgHdrMemory by [`@dreamlike-ocean`](https://github.com/dreamlike-ocean) in [netty/netty#16234](https://redirect.github.com/netty/netty/pull/16234) > * Make RefCntOpenSslContext.deallocate more robust by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16253](https://redirect.github.com/netty/netty/pull/16253) > * Epoll: Fix excessive CPU usage when Channel is only registered but no… by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16250](https://redirect.github.com/netty/netty/pull/16250) > * Update to gcc for arm 10.3-2021.07 by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16255](https://redirect.github.com/netty/netty/pull/16255) > * Add acmeIdentifier extension support to pkitesting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16256](https://redirect.github.com/netty/netty/pull/16256) > * Update JDK versions to latest patch releases by [`@m1ngyuan`](https://github.com/m1ngyuan) in [netty/netty#16254](https://redirect.github.com/netty/netty/pull/16254) > * Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by [`@doom369`](https://github.com/doom369) in [netty/netty#16241](https://redirect.github.com/netty/netty/pull/16241) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16269](https://redirect.github.com/netty/netty/pull/16269) > * Revert "Automatic backporting workflow from 4.1 to 4.2" by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16270](https://redirect.github.com/netty/netty/pull/16270) > * HTTP2: Correctly account for padding when decompress by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16264](https://redirect.github.com/netty/netty/pull/16264) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16271](https://redirect.github.com/netty/netty/pull/16271) > * Automatic backporting workflow from 4.1 to 4.2 by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16273](https://redirect.github.com/netty/netty/pull/16273) > * Backport PRs must be created with personal access tokens by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16276](https://redirect.github.com/netty/netty/pull/16276) > * Expose QuicSslContextBuilder::sni by [`@ZeroErrors`](https://github.com/ZeroErrors) in [netty/netty#16178](https://redirect.github.com/netty/netty/pull/16178) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16275](https://redirect.github.com/netty/netty/pull/16275) > * Add more porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16283](https://redirect.github.com/netty/netty/pull/16283) > * Remove the unpooled allocator from test permutations by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16282](https://redirect.github.com/netty/netty/pull/16282) > * Some polishing of the porting workflows by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16288](https://redirect.github.com/netty/netty/pull/16288) > * Allow to set destination connection id when creating a client side QuicheChannel by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16286](https://redirect.github.com/netty/netty/pull/16286) > * Update to latest JDK26 EA build by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16295](https://redirect.github.com/netty/netty/pull/16295) > * Add javadoc to clarify responsibility of the user when generating the remote connection id by [`@normanmaurer`](https://github.com/normanmaurer) in [netty/netty#16293](https://redirect.github.com/netty/netty/pull/16293) > * Make the build run faster by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16290](https://redirect.github.com/netty/netty/pull/16290) > * Fix IDE warnings in SslHandler by [`@doom369`](https://github.com/doom369) in [netty/netty#16237](https://redirect.github.com/netty/netty/pull/16237) > * Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by [`@doom369`](https://github.com/doom369) in [netty/netty#16242](https://redirect.github.com/netty/netty/pull/16242) > * Support boringssl SSLCredential API by [`@jmcrawford45`](https://github.com/jmcrawford45) in [netty/netty#15919](https://redirect.github.com/netty/netty/pull/15919) > * Fix high-order bit aliasing in HttpUtil.validateToken by [`@furkanvarol`](https://github.com/furkanvarol) in [netty/netty#16279](https://redirect.github.com/netty/netty/pull/16279) > * Improve multi-byte access performance when UNALIGNED availability is unknown by [`@Songdoeon`](https://github.com/Songdoeon) in [netty/netty#16207](https://redirect.github.com/netty/netty/pull/16207) > * Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by [`@doom369`](https://github.com/doom369) in [netty/netty#16278](https://redirect.github.com/netty/netty/pull/16278) > * Support more branch freedom for auto-porting by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16300](https://redirect.github.com/netty/netty/pull/16300) > * fix: the precedence of + is higher than >> by [`@cuiweixie`](https://github.com/cuiweixie) in [netty/netty#16312](https://redirect.github.com/netty/netty/pull/16312) > * AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by [`@laosijikaichele`](https://github.com/laosijikaichele) in [netty/netty#16309](https://redirect.github.com/netty/netty/pull/16309) > * Fix flaky PooledByteBufAllocatorTest by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16313](https://redirect.github.com/netty/netty/pull/16313) > * Fix pooled arena accounting tests by [`@chrisvest`](https://github.com/chrisvest) in [netty/netty#16321](https://redirect.github.com/netty/netty/pull/16321) ... (truncated) Commits * [`67ce541`](netty/netty@67ce541) [maven-release-plugin] prepare release netty-4.2.12.Final * [`7074624`](netty/netty@7074624) Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`c3b0a43`](netty/netty@c3b0a43) [maven-release-plugin] prepare for next development iteration * [`c94a818`](netty/netty@c94a818) [maven-release-plugin] prepare release netty-4.2.11.Final * [`3b76df1`](netty/netty@3b76df1) Merge commit from fork * [`aae944a`](netty/netty@aae944a) Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`6001499`](netty/netty@6001499) Eliminate redundant bounds checks in CompositeByteBuf accessors ([#16525](https://redirect.github.com/netty/netty/issues/16525)) * [`a7fbb6f`](netty/netty@a7fbb6f) JdkZlibDecoder: accumulate decompressed output before firing channelRead ([#16](https://redirect.github.com/netty/netty/issues/16)... * [`7937553`](netty/netty@7937553) Enforce io.netty.maxDirectMemory accounting on all Java versions ([#16489](https://redirect.github.com/netty/netty/issues/16489)) * [`893ea2e`](netty/netty@893ea2e) Allocate less in QueryStringDecoder.addParam for typical use case ([#16527](https://redirect.github.com/netty/netty/issues/16527)) * Additional commits viewable in [compare view](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
Following the success of #16273 we should also have workflows for porting 4.2 -> 5.0, and 5.0 -> 4.2.
Modification:
Copy the 4.2 -> 4.1 porting workflow and make adjustments to port between 4.2 and 5.0.
Result:
More automated PR porting between our branches.