ChrisWe're released Netty 4.2.11 and 4.1.132. These contain many bug fixes, and fixes for two CVEs both rated *high*:
- CVE-2026-33871: HTTP/2 CONTINUATION frame flood Denial of Service.
- CVE-2026-33870: HTTP/1.1 Request Smuggling vulnerability in chunked encoding parsing.
Release notes for 4.2.11: https://netty.io/news/2026/03/24/4-2-11-Final.html
Release notes for 4.1.132: https://netty.io/news/2026/03/24/4-1-132-Final.html
Also of note: We had 17 people contribute to Netty 4.2.11, of which 5 are new first time contributors 😲