Upgrade netty to 4.1.87.Final
We are happy to announce the release of netty 4.1.86.Final. This release contains two CVE fixes, one which is considered as Severity High and can be triggered remotely (if you use the HAProxyMessageDecoder)!
Beside this this release contains various small bug-fixes.
The most important changes are:
- HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
- HTTP Response splitting from assigning header value iterator (CVE-2022-41915)
- Revert #12888 for potential task scheduling problems in HashedWheelTimer (#13021)
- Deprecate ObjectEncoder/ObjectDecoder (#12990)
- HPACK dynamic table size update must happen at the beginning of the header block (#12988)
For more details please visit our bug tracker