Skip to content

chore(gradle): bump io.netty:netty-bom from 4.1.134.Final to 4.2.15.Final#8125

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/io.netty-netty-bom-4.2.15.Final
Open

chore(gradle): bump io.netty:netty-bom from 4.1.134.Final to 4.2.15.Final#8125
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/io.netty-netty-bom-4.2.15.Final

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps io.netty:netty-bom from 4.1.134.Final to 4.2.15.Final.

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.15.Final

Security fixes

  • CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).
  • CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-50560: DDoS in io.netty:netty-codec-http2.
  • CVE-2026-50011: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-50009: information disclosure and denial of service in io.netty:netty-codec-classes-quic.
  • CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).
  • CVE-2026-50020: request smuggling in io.netty:netty-codec-http.
  • CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).
  • CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).
  • CVE-2026-50010: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).
  • CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.
  • CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).
  • CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.
  • CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).
  • CVE-2026-47244: denial of service in io.netty:netty-codec-http2.
  • CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

New Contributors

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

... (truncated)

Commits
  • a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
  • 2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
  • 0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
  • 76291f5 Fix SCTP and Redis tests (#16893)
  • e067b6e Fix revapi warnings (#16885)
  • 5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
  • 541add0 Merge commit from fork
  • 270800e Merge commit from fork
  • 3d45a1e Merge commit from fork
  • 75127ca Merge commit from fork
  • Additional commits viewable in compare view

@dependabot dependabot Bot requested a review from devinrsmith as a code owner June 8, 2026 02:05
@dependabot dependabot Bot requested review from cpwright and rcaudy as code owners June 8, 2026 02:05
@dependabot dependabot Bot mentioned this pull request Jun 8, 2026
Closed
@dependabot
chore(gradle): bump io.netty:netty-bom
4073a3c 
Bumps [io.netty:netty-bom](https://github.com/netty/netty) from 4.1.134.Final to 4.2.15.Final.
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.1.134.Final...netty-4.2.15.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-bom
  dependency-version: 4.2.15.Final
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(gradle): bump io.netty:netty-bom from 4.1.133.Final to 4.2.15.Final chore(gradle): bump io.netty:netty-bom from 4.1.134.Final to 4.2.15.Final Jun 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/gradle/io.netty-netty-bom-4.2.15.Final branch from 6988fae to 4073a3c Compare June 8, 2026 18:07
@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

No docs changes detected for 4073a3c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devinrsmith devinrsmith Awaiting requested review from devinrsmith devinrsmith is a code owner

@rcaudy rcaudy Awaiting requested review from rcaudy rcaudy is a code owner

@cpwright cpwright Awaiting requested review from cpwright cpwright is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@rcaudy rcaudy

@devinrsmith devinrsmith

Labels

NoDocumentationNeeded NoReleaseNotesNeeded No release notes are needed. version-bump

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rcaudy @devinrsmith