This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-java.git


The following commit(s) were added to refs/heads/main by this push:
     new d88adb33b MINOR: Bump io.netty:netty-bom from 4.2.12.Final to 4.2.13.Final (#1155)
d88adb33b is described below

commit d88adb33b00e8a7c3b743312b11c05ed36d2bd37
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon May 18 18:42:53 2026 +0200

    MINOR: Bump io.netty:netty-bom from 4.2.12.Final to 4.2.13.Final (#1155)
    
    Bumps [io.netty:netty-bom](https://github.com/netty/netty) from
    4.2.12.Final to 4.2.13.Final.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/netty/netty/releases">io.netty:netty-bom's
    releases</a>.</em></p>
    <blockquote>
    <h2>netty-4.2.13.Final</h2>
    <h2>CVEs Fixed</h2>
    <ul>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-rgrr-p7gp-5xj7">CVE-2026-42586</a>
    (netty-codec-redis)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr">CVE-2026-42578</a>
    (netty-handler-proxy)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p">CVE-2026-42577</a>
    (netty-transport-native-epoll)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv">CVE-2026-42587</a>
    (netty-codec-http, netty-codec-http2)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv">CVE-2026-41417</a>
    (netty-codec-http)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9">CVE-2026-42581</a>
    (netty-codec-http)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723">CVE-2026-42580</a>
    (netty-codec-http)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv">CVE-2026-42585</a>
    (netty-codec-http)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm">CVE-2026-42579</a>
    (netty-codec-dns)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw">CVE-2026-42582</a>
    (netty-codec-http3)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6">CVE-2026-42583</a>
    (netty-codec, netty-codec-compression)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3">CVE-2026-42584</a>
    (netty-codec-http)</li>
    <li><a
    href="https://github.com/netty/netty/security/advisories/GHSA-jfg9-48mv-9qgx">CVE-2026-44248</a>
    (netty-codec-mqtt)</li>
    </ul>
    <h2>What's Changed</h2>
    <ul>
    <li>Kqueue: sendfile EINTR doesn't advance offset — data duplication by
    <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16544">netty/netty#16544</a></li>
    <li>Replace usage of strerror with thread-safe alternative by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16547">netty/netty#16547</a></li>
    <li>Fix implementation of strerror_r_xsi for GNU by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16546">netty/netty#16546</a></li>
    <li>Lazy init ArrayList in DefaultHeaders.getAll by <a
    href="https://github.com/doom369"><code>@​doom369</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16526">netty/netty#16526</a></li>
    <li>Less logging in AWS-LC build by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16565">netty/netty#16565</a></li>
    <li>Ensure the CRYPTO_BUFFER_POOL is also freed when we fail creating
    the SSLContext by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16545">netty/netty#16545</a></li>
    <li>Auto-port 4.2: Fix IndexOutOfBoundsException in StompSubframeDecoder
    on heartbeat by <a
    href="https://github.com/netty-project-bot"><code>@​netty-project-bot</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16543">netty/netty#16543</a></li>
    <li>Avoid leak in PemReader on OutOfDirectMemoryError by <a
    href="https://github.com/raipc"><code>@​raipc</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16551">netty/netty#16551</a></li>
    <li>IoUring: Disable test while we debug to unblock other builds by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16581">netty/netty#16581</a></li>
    <li>Include user properties and subscription IDs in
    MqttProperties#isEmpty by <a
    href="https://github.com/ShadowySpirits"><code>@​ShadowySpirits</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16575">netty/netty#16575</a></li>
    <li>Native DNS resolver: Guard against malloc failures by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16559">netty/netty#16559</a></li>
    <li>Auto-port 4.2: Increase timeouts for QuicChannelConnectTest by <a
    href="https://github.com/netty-project-bot"><code>@​netty-project-bot</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16578">netty/netty#16578</a></li>
    <li>Fix parsing HTTP chunks with multiple extensions by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16579">netty/netty#16579</a></li>
    <li>Bump org.codehaus.plexus:plexus-utils from 3.4.2 to 4.0.3 in
    /codec-native-quic by <a
    href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
    in <a
    href="https://redirect.github.com/netty/netty/pull/16572">netty/netty#16572</a></li>
    <li>Revert to PR build to Ubuntu 22.04 by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16595">netty/netty#16595</a></li>
    <li>Native transports: Correctly create pipe when pipe2 is not supported
    by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16592">netty/netty#16592</a></li>
    <li>Epoll: Cleanup code to always return negative value on failure by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16591">netty/netty#16591</a></li>
    <li>Fix component search fast path by <a
    href="https://github.com/yawkat"><code>@​yawkat</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16548">netty/netty#16548</a></li>
    <li>Stabilize read-only toStringMultipleThreads1 by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16608">netty/netty#16608</a></li>
    <li>Stabilize more AbstractByteBufTests by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16611">netty/netty#16611</a></li>
    <li>Remove note about needing 256-bit for PQC by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16605">netty/netty#16605</a></li>
    <li>Stabilize testSessionInvalidate for Conscrypt by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16615">netty/netty#16615</a></li>
    <li>Quic: Correctly handle SSL_CTX_new failures by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16622">netty/netty#16622</a></li>
    <li>Make LocalIoHandle public by <a
    href="https://github.com/rdicroce"><code>@​rdicroce</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16621">netty/netty#16621</a></li>
    <li>Quic: Fix shadowing of variable which leads to incorrectly handling
    errors by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16623">netty/netty#16623</a></li>
    <li>Auto-port 4.2: Use stream error for maxContentLength exceeded in
    InboundHttp2ToHttpAdapter by <a
    href="https://github.com/netty-project-bot"><code>@​netty-project-bot</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16629">netty/netty#16629</a></li>
    <li>Fix <code>shutdownInput</code> bug in kqueue for empty recv buffer
    by <a href="https://github.com/chrisvest"><code>@​chrisvest</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16630">netty/netty#16630</a></li>
    <li>fix FFM address semantics in directBufferAddress by <a
    href="https://github.com/dreamlike-ocean"><code>@​dreamlike-ocean</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16603">netty/netty#16603</a></li>
    <li>HTTP2: Ensure HTTP2 preface is always send as first message by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16636">netty/netty#16636</a></li>
    <li>Move Http2FrameCodecSubClassTest to correct package by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16640">netty/netty#16640</a></li>
    <li>Kqueue: Fix usage of LOCAL_PEERPID by <a
    href="https://github.com/normanmaurer"><code>@​normanmaurer</code></a>
    in <a
    href="https://redirect.github.com/netty/netty/pull/16637">netty/netty#16637</a></li>
    <li>Avoid ArrayQueue allocation in HttpServerCodec by <a
    href="https://github.com/doom369"><code>@​doom369</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16596">netty/netty#16596</a></li>
    <li>Fix file descriptor reuse bug in kqueue by <a
    href="https://github.com/chrisvest"><code>@​chrisvest</code></a> in <a
    href="https://redirect.github.com/netty/netty/pull/16650">netty/netty#16650</a></li>
    </ul>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/netty/netty/commit/b3844c8108b42f68d56144b36d4d1ed96078a688"><code>b3844c8</code></a>
    [maven-release-plugin] prepare release netty-4.2.13.Final</li>
    <li><a
    href="https://github.com/netty/netty/commit/82f47fa53571d04d8add02e3a01762cebd139a00"><code>82f47fa</code></a>
    Merge commit from fork</li>
    <li><a
    href="https://github.com/netty/netty/commit/ada0999ae6a011c787203108c8d987e0bc25b82d"><code>ada0999</code></a>
    Merge commit from fork</li>
    <li><a
    href="https://github.com/netty/netty/commit/b4051e230e2fd349892f3739d6770b006c1d7528"><code>b4051e2</code></a>
    Fix BrotliDecoder not forwarding all decompressed chunks</li>
    <li><a
    href="https://github.com/netty/netty/commit/67207c19218d7962f772af234f89de4424c7cf07"><code>67207c1</code></a>
    Merge commit from fork</li>
    <li><a
    href="https://github.com/netty/netty/commit/541ca7c645b8bd04901b54136b745622be289d19"><code>541ca7c</code></a>
    Merge commit from fork</li>
    <li><a
    href="https://github.com/netty/netty/commit/943edb361423eee5574b636a8c2bf6baf5cb2464"><code>943edb3</code></a>
    Fix codec-dns tests</li>
    <li><a
    href="https://github.com/netty/netty/commit/6459a284e6653c90fe4b15c0e8516d8302b1cd0e"><code>6459a28</code></a>
    Merge commit from fork</li>
    <li><a
    href="https://github.com/netty/netty/commit/b4ba61bd9059156cc9dcece7a81ea389efe571c2"><code>b4ba61b</code></a>
    Fix checkstyle in HttpObjectDecoder</li>
    <li><a
    href="https://github.com/netty/netty/commit/977661f71f7511ad68ca17cabd7b5185efb978f4"><code>977661f</code></a>
    Merge commit from fork</li>
    <li>Additional commits viewable in <a
    href="https://github.com/netty/netty/compare/netty-4.2.12.Final...netty-4.2.13.Final">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.netty:netty-bom&package-manager=maven&previous-version=4.2.12.Final&new-version=4.2.13.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    
    
    </details>
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index dabb02594..df387a067 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@ under the License.
     <dep.junit.jupiter.version>5.12.2</dep.junit.jupiter.version>
     <dep.slf4j.version>2.0.17</dep.slf4j.version>
     <dep.guava-bom.version>33.6.0-jre</dep.guava-bom.version>
-    <dep.netty-bom.version>4.2.12.Final</dep.netty-bom.version>
+    <dep.netty-bom.version>4.2.13.Final</dep.netty-bom.version>
     <dep.grpc-bom.version>1.80.0</dep.grpc-bom.version>
     <dep.protobuf-bom.version>4.34.1</dep.protobuf-bom.version>
     <dep.jackson-bom.version>2.21.3</dep.jackson-bom.version>
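
Review bot: The changed `dep.netty-bom.version` line only moves artifacts whose versions are managed by the Netty BOM, and nothing in this hunk shows that every `io.netty` module in the build now resolves to 4.2.13.Final. The release notes in the commit message list fixes in netty-codec-http, netty-codec-http2, netty-handler-proxy and netty-transport-native-epoll among others, and Netty can also arrive transitively through the gRPC artifacts governed by `dep.grpc-bom.version` on the following line. Please confirm with `mvn dependency:tree -Dincludes=io.netty` that no module still resolves 4.2.12.Final, and consider adding a line to the commit message stating which of the 13 listed CVEs touch modules this project ships, since the MINOR prefix does not signal a security update.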
