Netty Project

After a lot of work and many contributions from our OSS community we are thrilled to finally announce the release of netty 4.2.0.Final! Everyone using netty 4.1.x should be able to upgrade to 4.2.0.Final without any API breakage. The only new ... [More] requirement is JDK8 or later (and JDK9+ for io_uring) and a more recent GLIBC version when using our native transports. With the release of netty 4.2.0.Final we will also start to only merge bug-fixes into 4.1, new features will only be merged to 4.2 and main branches. While 4.1.x releases will only receive bug-fixes we will still support it 4.1.x... [Less]

We are happy to announce the release of netty-incubator-codec-http3 0.0.29.Final. This release update its netty-incubator-codec-quic version to 0.0.71.Final which includes a CVE fix so we recommend everyone to upgrade. Beside this it also contains ... [More] various other bugfies. The most important changes are: Add getter for Http3ErrorCode.code (#297) Let header validator find host header field when :authority pseudo-header field is missing (#324) Update to netty 4.1.118.Final (#325) Update to netty-incubator-codec-quic 0.0.71.Final (#327) For more details related to this release see our bug-tracker. Thank You Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission. @naokiiwakami @normanmaurer @SaltedReed... [Less]

We are happy to announce the release of netty-incubator-codec-quic 0.0.71.Final. This release fixes (CVE-2025-29908) and so you should consider upgrading as soon as possible. The most important changes are: QUIC hash collision DoS attack ... [More] (#CVE-2025-29908) Update to netty 4.1.118.Final (#776) Support cancellation of various outbound operations (#779) For more details related to this release see our bug-tracker. For more details about this codec in general please read our initial announcement. Thank You Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission. @bryce-anderson @chrisvest @kb-1000 @normanmaurer @yawkat... [Less]

We are happy to announce the release of netty-incubator-codec-ohttp 0.0.18.Final. This release is a bug-fix release. The most important changes are: Use BoringSSL master branch (#90) Add method to export AEAD param (#95) Update to netty ... [More] 4.1.118.Final (#96) Allow to specific the maximum chunk size that is enforced by the OHttpVersionChunkDraft (#97) For more details related to this release see our bug-tracker.... [Less]

We are happy to announce the release of the third release candidate for the upcoming netty version 4.2.0. Everyone using netty 4.1.x should be able to upgrade to 4.2.0.RC4 without any API breakage. The only new requirement is JDK8 or later. We ... [More] encourage users of netty 4.1.x to try out this alpha release and so provide feedback if any breakage is noticed. This will help us to be aware of any problems early in the release cycle. That said, be aware that this is only an release candidate and so shouldn't be considered for production usage yet. Netty 4.2.0 will come... [Less]

We are happy to announce the release of netty 4.1.119.Final. This is a bug-fix release. The most important changes are: Replace SSL assertion with explicit record length check (#14810) Fix NPE when upgrade message fails to aggregate (#14816) ... [More] SslHandler: Fix possible NPE when executor is used for delegating (#14830) Consistently add channel info in HTTP/2 logs (#14829) Add QueryStringDecoder option to leave '+' alone (#14850) Use initialized BouncyCastle providers when available (#14855) For more details please visit our bug tracker Thank You Every idea and bug-report counts, and so we thought it is worth mentioning those who helped in this area. Please report an unintended omission. @bryce-anderson @chrisvest @franz1981 @He-Pin @idelpivnitskiy @michalvavrik @normanmaurer @violetagg @yawkat... [Less]

We are happy to announce the release of the third release canidate for the upcoming netty version 4.2.0. Everyone using netty 4.1.x should be able to upgrade to 4.2.0.RC3 without any API breakage. The only new requirement is JDK8 or later. We ... [More] encourage users of netty 4.1.x to try out this alpha release and so provide feedback if any breakage is noticed. This will help us to be aware of any problems early in the release cycle. That said, be aware that this is only an release canidate and so shouldn't be considered for production usage yet. Netty 4.2.0 will come... [Less]

We are happy to announce the release of netty 4.1.118.Final. This is a bug-fix release but also fixes a (critical CVE) in our SSL implementation. Please upgrade as soon as possible if you use our native SSL implementation. The most important ... [More] changes are: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine (CVE-2025-24970) Denial of Service attack on windows app using Netty, again (CVE-2025-25193) Upgrade netty-tcnative to 2.0.70.Final (#14790) Fix recycling in CodecOutputList (#14706) Allocate bytebuf without magazine lock when threads get collisions (#14594) Make StreamBufferingEncoder not send header frame with priority by default (#14732) Notify event loop termination future of unexpected... [Less]

We are happy to announce the release of the second release canidate for the upcoming netty version 4.2.0. Everyone using netty 4.1.x should be able to upgrade to 4.2.0.Alpha4 without any API breakage. The only new requirement is JDK8 or later. We ... [More] encourage users of netty 4.1.x to try out this alpha release and so provide feedback if any breakage is noticed. This will help us to be aware of any problems early in the release cycle. That said, be aware that this is only an release canidate and so shouldn't be considered for production usage yet. Netty 4.2.0 will come... [Less]

We are happy to announce the release of netty 4.1.117.Final. This is a bug-fix release. The most important changes are: Fix classloader leaks in GlobalEventExecuto (#14616) Support BouncyCastle FIPS for reading PEM files (#14618) Dns: Correctly ... [More] encode DnsPtrRecord (#14628) Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14629) Make DefaultResourceLeak more resilient against OOM (#14642) OpenSslSession: Add support to defensively check for peer certs (#14641) Reentrant close in EmbeddedChannel (#14642) SslHandler: Ensure buffers are never leaked when wrap(...) produce SSLException (#14647) Adaptive: Only use ThreadLocal if called from FastThreadLocalThread in case of temporary byte[] allocation (#14656) Correcly handle comments appended to nameserver declarations (#14658) For more details please visit our bug tracker Thank You Every idea... [Less]