Commit d88adb3
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
MINOR: Bump io.netty:netty-bom from 4.2.12.Final to 4.2.13.Final (#1155)
Bumps [io.netty:netty-bom](https://github.com/netty/netty) from
4.2.12.Final to 4.2.13.Final.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/netty/netty/releases">io.netty:netty-bom's
releases</a>.</em></p>
<blockquote>
<h2>netty-4.2.13.Final</h2>
<h2>CVEs Fixed</h2>
<ul>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-rgrr-p7gp-5xj7">CVE-2026-42586</a>
(netty-codec-redis)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr">CVE-2026-42578</a>
(netty-handler-proxy)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p">CVE-2026-42577</a>
(netty-transport-native-epoll)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv">CVE-2026-42587</a>
(netty-codec-http, netty-codec-http2)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv">CVE-2026-41417</a>
(netty-codec-http)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9">CVE-2026-42581</a>
(netty-codec-http)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723">CVE-2026-42580</a>
(netty-codec-http)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv">CVE-2026-42585</a>
(netty-codec-http)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm">CVE-2026-42579</a>
(netty-codec-dns)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw">CVE-2026-42582</a>
(netty-codec-http3)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6">CVE-2026-42583</a>
(netty-codec, netty-codec-compression)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3">CVE-2026-42584</a>
(netty-codec-http)</li>
<li><a
href="https://github.com/netty/netty/security/advisories/GHSA-jfg9-48mv-9qgx">CVE-2026-44248</a>
(netty-codec-mqtt)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Kqueue: sendfile EINTR doesn't advance offset — data duplication by
<a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16544">netty/netty#16544</a></li>
<li>Replace usage of strerror with thread-safe alternative by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16547">netty/netty#16547</a></li>
<li>Fix implementation of strerror_r_xsi for GNU by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16546">netty/netty#16546</a></li>
<li>Lazy init ArrayList in DefaultHeaders.getAll by <a
href="https://github.com/doom369"><code>@doom369</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16526">netty/netty#16526</a></li>
<li>Less logging in AWS-LC build by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16565">netty/netty#16565</a></li>
<li>Ensure the CRYPTO_BUFFER_POOL is also freed when we fail creating
the SSLContext by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16545">netty/netty#16545</a></li>
<li>Auto-port 4.2: Fix IndexOutOfBoundsException in StompSubframeDecoder
on heartbeat by <a
href="https://github.com/netty-project-bot"><code>@netty-project-bot</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16543">netty/netty#16543</a></li>
<li>Avoid leak in PemReader on OutOfDirectMemoryError by <a
href="https://github.com/raipc"><code>@raipc</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16551">netty/netty#16551</a></li>
<li>IoUring: Disable test while we debug to unblock other builds by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16581">netty/netty#16581</a></li>
<li>Include user properties and subscription IDs in
MqttProperties#isEmpty by <a
href="https://github.com/ShadowySpirits"><code>@ShadowySpirits</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16575">netty/netty#16575</a></li>
<li>Native DNS resolver: Guard against malloc failures by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16559">netty/netty#16559</a></li>
<li>Auto-port 4.2: Increase timeouts for QuicChannelConnectTest by <a
href="https://github.com/netty-project-bot"><code>@netty-project-bot</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16578">netty/netty#16578</a></li>
<li>Fix parsing HTTP chunks with multiple extensions by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16579">netty/netty#16579</a></li>
<li>Bump org.codehaus.plexus:plexus-utils from 3.4.2 to 4.0.3 in
/codec-native-quic by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/netty/netty/pull/16572">netty/netty#16572</a></li>
<li>Revert to PR build to Ubuntu 22.04 by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16595">netty/netty#16595</a></li>
<li>Native transports: Correctly create pipe when pipe2 is not supported
by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16592">netty/netty#16592</a></li>
<li>Epoll: Cleanup code to always return negative value on failure by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16591">netty/netty#16591</a></li>
<li>Fix component search fast path by <a
href="https://github.com/yawkat"><code>@yawkat</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16548">netty/netty#16548</a></li>
<li>Stabilize read-only toStringMultipleThreads1 by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16608">netty/netty#16608</a></li>
<li>Stabilize more AbstractByteBufTests by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16611">netty/netty#16611</a></li>
<li>Remove note about needing 256-bit for PQC by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16605">netty/netty#16605</a></li>
<li>Stabilize testSessionInvalidate for Conscrypt by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16615">netty/netty#16615</a></li>
<li>Quic: Correctly handle SSL_CTX_new failures by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16622">netty/netty#16622</a></li>
<li>Make LocalIoHandle public by <a
href="https://github.com/rdicroce"><code>@rdicroce</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16621">netty/netty#16621</a></li>
<li>Quic: Fix shadowing of variable which leads to incorrectly handling
errors by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16623">netty/netty#16623</a></li>
<li>Auto-port 4.2: Use stream error for maxContentLength exceeded in
InboundHttp2ToHttpAdapter by <a
href="https://github.com/netty-project-bot"><code>@netty-project-bot</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16629">netty/netty#16629</a></li>
<li>Fix <code>shutdownInput</code> bug in kqueue for empty recv buffer
by <a href="https://github.com/chrisvest"><code>@chrisvest</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16630">netty/netty#16630</a></li>
<li>fix FFM address semantics in directBufferAddress by <a
href="https://github.com/dreamlike-ocean"><code>@dreamlike-ocean</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16603">netty/netty#16603</a></li>
<li>HTTP2: Ensure HTTP2 preface is always send as first message by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16636">netty/netty#16636</a></li>
<li>Move Http2FrameCodecSubClassTest to correct package by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16640">netty/netty#16640</a></li>
<li>Kqueue: Fix usage of LOCAL_PEERPID by <a
href="https://github.com/normanmaurer"><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16637">netty/netty#16637</a></li>
<li>Avoid ArrayQueue allocation in HttpServerCodec by <a
href="https://github.com/doom369"><code>@doom369</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16596">netty/netty#16596</a></li>
<li>Fix file descriptor reuse bug in kqueue by <a
href="https://github.com/chrisvest"><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16650">netty/netty#16650</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/netty/netty/commit/b3844c8108b42f68d56144b36d4d1ed96078a688"><code>b3844c8</code></a>
[maven-release-plugin] prepare release netty-4.2.13.Final</li>
<li><a
href="https://github.com/netty/netty/commit/82f47fa53571d04d8add02e3a01762cebd139a00"><code>82f47fa</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/netty/netty/commit/ada0999ae6a011c787203108c8d987e0bc25b82d"><code>ada0999</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/netty/netty/commit/b4051e230e2fd349892f3739d6770b006c1d7528"><code>b4051e2</code></a>
Fix BrotliDecoder not forwarding all decompressed chunks</li>
<li><a
href="https://github.com/netty/netty/commit/67207c19218d7962f772af234f89de4424c7cf07"><code>67207c1</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/netty/netty/commit/541ca7c645b8bd04901b54136b745622be289d19"><code>541ca7c</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/netty/netty/commit/943edb361423eee5574b636a8c2bf6baf5cb2464"><code>943edb3</code></a>
Fix codec-dns tests</li>
<li><a
href="https://github.com/netty/netty/commit/6459a284e6653c90fe4b15c0e8516d8302b1cd0e"><code>6459a28</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/netty/netty/commit/b4ba61bd9059156cc9dcece7a81ea389efe571c2"><code>b4ba61b</code></a>
Fix checkstyle in HttpObjectDecoder</li>
<li><a
href="https://github.com/netty/netty/commit/977661f71f7511ad68ca17cabd7b5185efb978f4"><code>977661f</code></a>
Merge commit from fork</li>
<li>Additional commits viewable in <a
href="https://github.com/netty/netty/compare/netty-4.2.12.Final...netty-4.2.13.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent c49d976 commit d88adb3
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
98 | 98 | | |
99 | 99 | | |
100 | 100 | | |
101 | | - | |
| 101 | + | |
102 | 102 | | |
103 | 103 | | |
104 | 104 | | |
| |||
0 commit comments