Bump io.netty:netty-codec-http from 4.1.132.Final to 4.1.133.Final in /gxcosmosdb by dependabot[bot] · Pull Request #1111 · genexuslabs/JavaClasses

dependabot · 2026-05-06T16:52:57Z

Bumps io.netty:netty-codec-http from 4.1.132.Final to 4.1.133.Final.

Release notes

Sourced from io.netty:netty-codec-http's releases.

netty-4.1.133.Final

CVEs Fixed

CVE-2026-42586 (netty-codec-redis)

CVE-2026-42578 (netty-handler-proxy)

CVE-2026-42587 (netty-codec-http, netty-codec-http2)

CVE-2026-41417 (netty-codec-http)

CVE-2026-42581 (netty-codec-http)

CVE-2026-42580 (netty-codec-http)

CVE-2026-42585 (netty-codec-http)

CVE-2026-42579 (netty-codec-dns)

CVE-2026-42582 (netty-codec-http3)

CVE-2026-42583 (netty-codec, netty-codec-compression)

CVE-2026-42584 (netty-codec-http)

CVE-2026-44248 (netty-codec-mqtt)

What's Changed

Fix IndexOutOfBoundsException in StompSubframeDecoder on heartbeat by @daguimu in netty/netty#16539

Auto-port 4.1: Fix implementation of strerror_r_xsi for GNU by @netty-project-bot in netty/netty#16561

Auto-port 4.1: Replace usage of strerror with thread-safe alternative by @netty-project-bot in netty/netty#16555

Auto-port 4.1: Kqueue: sendfile EINTR doesn't advance offset — data duplication by @netty-project-bot in netty/netty#16554

Auto-port 4.1: Avoid leak in PemReader on OutOfDirectMemoryError by @netty-project-bot in netty/netty#16576

Auto-port 4.1: Native DNS resolver: Guard against malloc failures by @netty-project-bot in netty/netty#16584

Auto-port 4.1: Include user properties and subscription IDs in MqttProperties#isEmpty by @netty-project-bot in netty/netty#16582

Auto-port 4.1: Fix parsing HTTP chunks with multiple extensions by @netty-project-bot in netty/netty#16588

Auto-port 4.1: Stabilize read-only toStringMultipleThreads1 by @netty-project-bot in netty/netty#16610

Auto-port 4.1: Epoll: Cleanup code to always return negative value on failure by @netty-project-bot in netty/netty#16601

Auto-port 4.1: Stabilize more AbstractByteBufTests by @netty-project-bot in netty/netty#16613

Auto-port 4.1: Stabilize testSessionInvalidate for Conscrypt by @netty-project-bot in netty/netty#16616

Auto-port 4.1: Native transports: Correctly create pipe when pipe2 is not supported by @netty-project-bot in netty/netty#16598

Use stream error for maxContentLength exceeded in InboundHttp2ToHttpAdapter by @daguimu in netty/netty#16558

Fix shutdownInput bug in kqueue for empty recv buffer (#16630) by @normanmaurer in netty/netty#16638

Auto-port 4.1: Kqueue: Fix usage of LOCAL_PEERPID by @netty-project-bot in netty/netty#16646

Auto-port 4.1: HTTP2: Ensure HTTP2 preface is always send as first message by @netty-project-bot in netty/netty#16642

Auto-port 4.1: Propagate exceptions from inner threads in buffer tests by @netty-project-bot in netty/netty#16652

Auto-port 4.1: Add maxFrameLength support to ProtobufVarint32FrameDecoder by @netty-project-bot in netty/netty#16658

Auto-port 4.1: Bump up netty-tcnative to 2.0.76.Final by @netty-project-bot in netty/netty#16672

HTTP2: Ensure HTTP2 preface is always send as first message (also on … by @chrisvest in netty/netty#16675

Improve flaky NioSocketChannelTest (#16679) by @normanmaurer in netty/netty#16681

Deprecate ObjectCleaner and remove usage (#16685) by @chrisvest in netty/netty#16694

Auto-port 4.1: Update to netty-tcnative 2.0.77.Final by @netty-project-bot in netty/netty#16695

Avoid NPE in JdkSslServerContext when TrustManagerFactory returns null by @daguimu in netty/netty#16691

Avoid NPE in JdkSslClientContext when TrustManagerFactory returns null by @daguimu in netty/netty#16690

Auto-port 4.1: Avoid TCPFastOpen in KQueueCompositeBufferGatheringWriteTest by @netty-project-bot in netty/netty#16699

Auto-port 4.1: SCTP: Correctly handle SO_BACKLOG by @netty-project-bot in netty/netty#16715

Fix DiscardClient hang under -Dssl by using a client SSL context by @daguimu in netty/netty#16717

Auto-port 4.1: Consolidate fake exceptions in HTTP/2 tests into Http2TestUtil by @netty-project-bot in netty/netty#16725

Auto-port 4.1: Activate noPrintGC by default by @netty-project-bot in netty/netty#16735

Merge commit from fork by @normanmaurer in netty/netty#16742

New Contributors

... (truncated)

Commits

fb13125 [maven-release-plugin] prepare release netty-4.1.133.Final
815f71a Fix compilation after multiple backports
1986c38 Merge commit from fork
6f69dc9 Merge commit from fork
bf78040 Fix BrotliDecoder not forwarding all decompressed chunks
387bbd0 Merge commit from fork
417ebaa Fix codec-dns tests
3c091ab Merge commit from fork
5d60b87 Fix checkstyle in HttpObjectDecoder
485f11d Merge commit from fork
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [io.netty:netty-codec-http](https://github.com/netty/netty) from 4.1.132.Final to 4.1.133.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.132.Final...netty-4.1.133.Final) --- updated-dependencies: - dependency-name: io.netty:netty-codec-http dependency-version: 4.1.133.Final dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

sgrampone · 2026-05-07T16:22:23Z

Fix in #1114

dependabot · 2026-05-07T16:22:25Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 6, 2026

sgrampone closed this May 7, 2026

dependabot Bot deleted the dependabot/maven/gxcosmosdb/io.netty-netty-codec-http-4.1.133.Final branch May 7, 2026 16:22

genexusbot added the bot closed label May 7, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump io.netty:netty-codec-http from 4.1.132.Final to 4.1.133.Final in /gxcosmosdb#1111

Bump io.netty:netty-codec-http from 4.1.132.Final to 4.1.133.Final in /gxcosmosdb#1111
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/gxcosmosdb/io.netty-netty-codec-http-4.1.133.Final

dependabot Bot commented on behalf of github May 6, 2026

Uh oh!

sgrampone commented May 7, 2026

Uh oh!

dependabot Bot commented on behalf of github May 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github May 6, 2026

netty-4.1.133.Final

CVEs Fixed

What's Changed

New Contributors

Uh oh!

sgrampone commented May 7, 2026

Uh oh!

dependabot Bot commented on behalf of github May 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants