We've released Netty 4.2.15.Final, fixing 22 CVEs (http, http2, http3, compression, dns, haproxy, redis) and a number of bugs:
- https://netty.io/news/2026/06/01/4-2-15-Final.html
The contents of the CVE advisories will be published later.
We've released #Netty 4.2.14 and 4.1.134, which are bug-fix releases:
https://netty.io/news/2026/05/20/4-2-14-Final.html
https://netty.io/news/2026/05/20/4-1-134-Final.html
They fix an MQTT parsing regression introduced in the previous release, and a recently introduced CompositeByteBuf bug, among a few others.
WebFlux vs Virtual Threads: что происходит при 2000 RPS
Всем привет! Меня зовут Александр, и сегодня я расскажу о результатах перевода учебного проекта со Spring WebFlux и Netty на Spring MVC и Tomcat с виртуальными потоками и проверки обоих вариантов под нагрузкой в 2000rps. В качестве подопытного будет выступать система микросервисов, разработанная в рамках курса CloudJava .
We've released Netty 4.2.12.Final. This fixes a regression introduced in 4.2.11.Final, in the CompositeByteBuf implementation.
Release notes: https://netty.io/news/2026/03/24/4-2-12-Final.html
#netty #java
We're released Netty 4.2.11 and 4.1.132. These contain many bug fixes, and fixes for two CVEs both rated *high*:
- CVE-2026-33871: HTTP/2 CONTINUATION frame flood Denial of Service.
- CVE-2026-33870: HTTP/1.1 Request Smuggling vulnerability in chunked encoding parsing.
Release notes for 4.2.11: https://netty.io/news/2026/03/24/4-2-11-Final.html
Release notes for 4.1.132: https://netty.io/news/2026/03/24/4-1-132-Final.html
Also of note: We had 17 people contribute to Netty 4.2.11, of which 5 are new first time contributors 😲
Chris
Felix 🇺🇦🚴♂️🇪🇺
Habr