dependabot[bot] opened a new pull request, #58: URL: https://github.com/apache/qpid-jms/pull/58
Bumps [io.netty:netty-codec-http](https://github.com/netty/netty) from 4.1.130.Final to 4.1.132.Final. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/netty/netty/releases";>io.netty:netty-codec-http's releases</a>.</em></p> <blockquote> <h2>netty-4.1.132.Final</h2> <h2>Security</h2> <ul> <li>CVE-2026-33871, <a href="https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv";>HTTP/2 CONTINUATION Frame Flood Denial of Service</a></li> <li>CVE-2026-33870, <a href="https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8";>HTTP Request Smuggling via Chunked Extension Quoted-String Parsing</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry lo… by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16248";>netty/netty#16248</a></li> <li>Make RefCntOpenSslContext.deallocate more robust (<a href="https://redirect.github.com/netty/netty/issues/16253";>#16253</a>) by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16257";>netty/netty#16257</a></li> <li>Update to gcc for arm 10.3-2021.07 (<a href="https://redirect.github.com/netty/netty/issues/16255";>#16255</a>) by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16263";>netty/netty#16263</a></li> <li>HTTP2: Correctly account for padding when decompress by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16265";>netty/netty#16265</a></li> <li>Update JDK versions to latest patch releases (<a href="https://redirect.github.com/netty/netty/issues/16254";>#16254</a>) by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16267";>netty/netty#16267</a></li> <li>Backport 4.1: Automatic backporting workflow from 4.1 to 4.2 by <a href="https://github.com/github-actions";><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/netty/netty/pull/16274";>netty/netty#16274</a></li> <li>Backport 4.1: Backport PRs must be created with personal access tokens by <a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16277";>netty/netty#16277</a></li> <li>Backport 4.1: Add more porting workflows by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16284";>netty/netty#16284</a></li> <li>Backport 4.1: Some polishing of the porting workflows by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16292";>netty/netty#16292</a></li> <li>Backport 4.1: Fix high-order bit aliasing in HttpUtil.validateToken by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16303";>netty/netty#16303</a></li> <li>Auto-port 4.1: Support more branch freedom for auto-porting by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16310";>netty/netty#16310</a></li> <li>fix: the precedence of + is higher than >> (<a href="https://redirect.github.com/netty/netty/issues/16312";>#16312</a>) by <a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16316";>netty/netty#16316</a></li> <li>AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater th… by <a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16320";>netty/netty#16320</a></li> <li>Auto-port 4.1: Fix flaky PooledByteBufAllocatorTest by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16324";>netty/netty#16324</a></li> <li>Auto-port 4.1: Fix pooled arena accounting tests by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16326";>netty/netty#16326</a></li> <li>Auto-port 4.1: Fix RunInFastThreadLocalThreadExtension by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16328";>netty/netty#16328</a></li> <li>Auto-port 4.1: AdaptivePoolingAllocator: call <code>unreserveMatchingBuddy(...)</code> if <code>byteBuf</code> initialization failed by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16331";>netty/netty#16331</a></li> <li>Auto-port 4.1: Mark LoggingHandlerTest with <a href="https://github.com/Isolated";><code>@Isolated</code></a> to fix flaky build by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16340";>netty/netty#16340</a></li> <li>Auto-port 4.1: Fix flaky HTTP/2 test by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16348";>netty/netty#16348</a></li> <li>Auto-port 4.1: Fix flaky RenegotiateTest by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16355";>netty/netty#16355</a></li> <li>Auto-port 4.1: Fix HTTP/2 push frame test by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16353";>netty/netty#16353</a></li> <li>SSL test: Don't depend on property value in test (<a href="https://redirect.github.com/netty/netty/issues/16346";>#16346</a>) by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16362";>netty/netty#16362</a></li> <li>Auto-port 4.1: Don't assume CertificateFactory is thread-safe by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16364";>netty/netty#16364</a></li> <li>AdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity (<a href="https://redirect.github.com/netty/netty/issues/16334";>#16334</a>) by <a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16368";>netty/netty#16368</a></li> <li>Auto-port 4.1: Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16372";>netty/netty#16372</a></li> <li>Fix leak in SniHandlerTest (<a href="https://redirect.github.com/netty/netty/issues/16367";>#16367</a>) by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16377";>netty/netty#16377</a></li> <li>Auto-port 4.1: Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16373";>netty/netty#16373</a></li> <li>Remove reference counting from size classed chunks (<a href="https://redirect.github.com/netty/netty/issues/16306";>#16306</a>) by <a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16379";>netty/netty#16379</a></li> <li>Auto-port 4.1: Stabilize AbstractByteBufTest.testToStringMultipleThreads by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16384";>netty/netty#16384</a></li> <li>Fix HttpObjectAggregator leaving connection stuck after 413 with AUTO… by <a href="https://github.com/samlandfried";><code>@samlandfried</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16280";>netty/netty#16280</a></li> <li>Auto-port 4.1: Fix autoport fetching into the existing branch - again by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16417";>netty/netty#16417</a></li> <li>Auto-port 4.1: Capture why threads get stuck in testCopyMultipleThreads0 by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16419";>netty/netty#16419</a></li> <li>Auto-port 4.1: Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16421";>netty/netty#16421</a></li> <li>Auto-port 4.1: Whitelist JMH annotation processing in microbench module by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16430";>netty/netty#16430</a></li> <li>Auto-port 4.1: HTTP2: Ensure preface is flushed in all cases by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16432";>netty/netty#16432</a></li> <li>Auto-port 4.1: Fix UnsupportedOperationException in readTrailingHeaders by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16437";>netty/netty#16437</a></li> <li>Auto-port 4.1: Fix client_max_window_bits parameter handling in permessage-deflate extension by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16435";>netty/netty#16435</a></li> <li>Auto-port 4.1: Native transports: Fix possible fd leak when fcntl fails. by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16446";>netty/netty#16446</a></li> <li>Auto-port 4.1: Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16448";>netty/netty#16448</a></li> <li>Auto-port 4.1: Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16459";>netty/netty#16459</a></li> <li>Auto-port 4.1: Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16456";>netty/netty#16456</a></li> <li>Auto-port 4.1: Epoll: Add null checks for safety reasons by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16463";>netty/netty#16463</a></li> <li>Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16464";>netty/netty#16464</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/netty/netty/commit/ec119d487b3a27e4ac118e7e1d97f0c96a85f4a3";><code>ec119d4</code></a> [maven-release-plugin] prepare release netty-4.1.132.Final</li> <li><a href="https://github.com/netty/netty/commit/60e53c99f2e80aef1025e9038e33cdf261ed9819";><code>60e53c9</code></a> Stricter HTTP/1.1 chunk extension parsing (<a href="https://redirect.github.com/netty/netty/issues/16537";>#16537</a>)</li> <li><a href="https://github.com/netty/netty/commit/9f47a7b6846e6c7cb0481789be51788944042b85";><code>9f47a7b</code></a> Limit the number of Continuation frames per HTTP2 Headers (<a href="https://redirect.github.com/netty/netty/issues/13969";>#13969</a>)</li> <li><a href="https://github.com/netty/netty/commit/10c1603cbab5e72a029521058eb35e15a8b7c7c5";><code>10c1603</code></a> Auto-port 4.1: JdkZlibDecoder: accumulate decompressed output before firing c...</li> <li><a href="https://github.com/netty/netty/commit/df6599790dc2c6810e253e9a14903f450e7aeffe";><code>df65997</code></a> Epoll: setTcpMg5Sig(...) might overflow (<a href="https://redirect.github.com/netty/netty/issues/16511";>#16511</a>) (<a href="https://redirect.github.com/netty/netty/issues/16520";>#16520</a>)</li> <li><a href="https://github.com/netty/netty/commit/692ec8772dffdfbc9f3dc57bb4379d9338822ebd";><code>692ec87</code></a> Auto-port 4.1: AdaptivePoolingAllocator: Fix assertion for size class multipl...</li> <li><a href="https://github.com/netty/netty/commit/3ac3f37e6dcfec658f4cb02935452ea25bb891f5";><code>3ac3f37</code></a> Auto-port 4.1: AdaptivePoolingAllocator: remove <code>ensureAccessible()</code> call in ...</li> <li><a href="https://github.com/netty/netty/commit/5a0072ba96adde85936cb511cb8e24aef0bda811";><code>5a0072b</code></a> Auto-port 4.1: Epoll: Fix support for IP_RECVORIGDSTADDR (<a href="https://redirect.github.com/netty/netty/issues/16468";>#16468</a>)</li> <li><a href="https://github.com/netty/netty/commit/779fce7ff70da741633c22ec80870008fa655d35";><code>779fce7</code></a> Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen (<a href="https://redirect.github.com/netty/netty/issues/1";>#1</a>...</li> <li><a href="https://github.com/netty/netty/commit/56d84e13175d1f33f6d8732e2bdd0e36d32db9a7";><code>56d84e1</code></a> Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to t...</li> <li>Additional commits viewable in <a href="https://github.com/netty/netty/compare/netty-4.1.130.Final...netty-4.1.132.Final";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/qpid-jms/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
